Gidra-469 Virus

Virus Name: Gidra-469 Aliases: Gidra V Status: Rare Discovered: November, 1993 Symptoms: .COM file growth; file date/time seconds set to "62" Origin: Unknown Eff Length: 469 bytes Type Code: PNCK - Parasitic Non-Resident .COM Infector Detection Method: ViruScan, F-Prot, Sweep, AVTK, VAlert, NAV, NAVDX, IBMAV, PCScan, ChAV, NShld, Sweep/N, NAV/N, IBMAV/N, AVTK/N, NProt, Innoc Removal Instructions: Delete infected files General Comments: The Gidra-469 virus was submitted in November, 1993. Gidra-469 is a non-resident, direct action infector of .COM programs, including COMMAND.COM. When a program infected with the Gidra-469 virus is executed, this virus will infect all of the .COM programs located in the current directory. Infected .COM programs, with the exception of COMMAND.COM, will have a file length increase of 469 bytes. In the case of COMMAND.COM, there will be no file length increase as the virus will overwrite 469 bytes of hex 00 characters located at the end of the file. In both cases, the virus will be located at the end of the file. The program's date and time in the DOS disk directory listing will not appear to be altered, though the seconds field will have been set to "62". The following text strings are visible within the viral code in all Gidra-469 infected programs: "I'm GIDRA v1.6: Life is Good, But Good Life Better Yet." "*.COM COMMAND" "GD" The last text string, "GD", appears at the very end of all infected files. Known variant(s) of Gidra are: Gidra.502: Received in July, 1995, this is a 502 byte variant of the the Gidra-469 virus described above. It contains the following text strings: "I'm GIDRA v1.6 : Life is Good, But Good Life Better Yet." "*.COM " "COMMAND " "GD" It is functionally similar to the original virus. Origin: Unknown July, 1995. Gidra.505: Received in July, 1995, this is a 505 byte variant of the Gidra-469 virus described above, and is functionally similar. It contains the same text strings as Gidra.502. Origin: Unknown July, 1995.