Frogs Virus


 Virus Name:  Frogs 
 Aliases:     Frog's Alley 
 V Status:    Rare 
 Discovered:  March, 1991 
 Symptoms:    .COM growth; message; FAT & directory damage; programs 
              disappear; disk volume label change; long disk access times 
 Origin:      United States 
 Eff Length:  1,500 Bytes 
 Type Code:   PRCK - Parasitic Resident .COM Infector 
 Detection Method:  ViruScan, F-Prot, Sweep, AVTK, NAV, 
                    IBMAV, NAVDX, VAlert, PCScan, ChAV, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Frogs, or Frog's Alley, virus was submitted in March, 1991 by 
       David Grant of the United States.  This virus is a memory resident 
       infector of .COM files, including COMMAND.COM. 
 
       When the first program infected with Frogs is executed, this 
       virus will install itself memory resident in low, unreserved system 
       memory.  Interrupts 09, 20, 21, and 2F will be hooked by the virus. 
       At this time, Frogs will also infect COMMAND.COM and one other .COM 
       file in the current directory. 
 
       After becoming memory resident, Frogs will infect one .COM file 
       each time an infected program is executed or a DIR command is 
       performed.  In either case, long disk accesses will be noticeable 
       either when an infected .COM program is executed, or as the DIR 
       command completes.  .COM files are only infected if their original 
       file length was 1,500 or more bytes. 
 
       Programs infected with Frogs will have a file size increase of 
       1,500 bytes, and the file's date and time in the disk directory 
       will have been updated to the system date and time when the 
       infection occurred.  The virus will be located at the beginning of 
       infected programs. 
 
       Frogs activates on the 5th day of any month.  When an infected 
       program is executed on the 5th, the following message will be 
       displayed: 
 
 "(V) AIDS R.2A - Welcome to Frog's Alley !, (c) STPII Laboratory - Jan 1990" 
 
       This message will again be displayed whenever a DIR command is 
       performed.  The first time the message is displayed, the virus will 
       remove the system files and COMMAND.COM from the disk.  Other 
       programs will still be accessible until they are also removed, or 
       the virus is no longer in memory.  Once the virus is no longer in 
       memory, the disk will display the volume label "s Alley !" and have 
       no files found when a DIR command is performed.  The disk's FAT and 
       root directory will have been overwritten with the above message 
       multiple times. 
 
       Other symptom's of Frogs are long disk access times when executing 
       programs or performing DIR commands, as well as occasional unexpected 
       accesses to the B: disk drive.  Some memory intensive applications 
       will hang when Frogs is active in memory. 
 
       Known variant(s) of Frogs are: 
       Frogs-B: Similar to the original virus, this variant contains 
                the text string "Diabolik!" near the end of the viral code 
                in all infected files. 
                Origin:  Unknown  January, 1992.

Show viruses from discovered during that infect .

Main Page