Genesis Virus


 Virus Name:  Genesis 
 Aliases:     Genesis.217 
 V Status:    Rare 
 Discovered:  August, 1994 
 Symptoms:    .COM file growth; programs fail to display output; 
              file date/time changes 
 Origin:      New 
 Eff Length:  217 Bytes 
 Type Code:   PNCK - Parasitic Non-Resident .COM Infector 
 Detection Method:  IBMAV, AVTK, ViruScan, Sweep, F-Prot, NAV, 
                    NAVDX, VAlert, PCScan, ChAV, 
                    Sweep/N, IBMAV/N, AVTK/N, NShld, NProt, NAV/N, Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
        
 General Comments: 
       The Genesis or Genesis.217 virus was received in August, 1994.  This 
       virus is a non-resident, direct action infector of .COM programs, 
       including COMMAND.COM. 
 
       When a program infected with the Genesis virus is executed, this virus 
       will infect all of the .COM programs located in the current directory. 
       infected programs will have a file length increase of 217 bytes with 
       the virus being located at the end of the file.  The program's date 
       and time in the DOS disk directory listing will have been updated to 
       the current system date and time when infection occurred.  The 
       following text string is visible within the viral code: 
 
               "[Genesis 1.0]Thor*.COM" 
 
       Execution of infected .COM programs will result in the user being 
       returned to the DOS prompt, rather than having the expected action 
       of the program occur. 
 
       Known variant(s) of Genesis are: 
       Genesis.226: A later version of the Genesis virus described 
               above, this variant adds 226 bytes to the .COM programs 
               it infects.  Unlike the original virus, this variant does 
               not infect COMMAND.COM.  The infected program's date and 
               time in the DOS disk directory listing will not be altered. 
               The following text string is visible within the viral code: 
               "[Genesis 2.0]Thor*.COM" 
               Programs infected with Genesis.226 will function properly. 
               Origin:  Unknown  August 1994. 
       Genesis.238: A later version of the Genesis.226 virus described 
               above, this variant adds 238 bytes to the .COM programs 
               it infects.  The following text string is visible within the 
               viral code: 
               "[Genesis 3.0]*THOR.COM" 
               Programs infected with Genesis.238 will function properly. 
               Origin:  Unknown  August 1994. 
       Genesis.295: A later version of the Genesis.238 virus described 
               above, this variant adds 295 bytes to the .COM programs 
               it infects.  The program's date and time in the DOS disk 
               directory listing will have been updated to the current 
               system date and time when infection occurred.  The following 
               text string is visible within the viral code: 
               "[Genesis 4.0]*THOR.COM" 
               Programs infected with Genesis.295 will function properly. 
               Origin:  Unknown  August 1994.

Show viruses from discovered during that infect .

Main Page