Grapje Virus


 Virus Name:  Grapje 
 Aliases:     1012 + 27, 1039, Dutch 1039 
 V Status:    Rare 
 Discovered:  September, 1991 
 Symptoms:    .COM file growth; system hangs; screen display scrolling; 
              long program loads 
 Origin:      The Netherlands 
 Eff Length:  1,039 Bytes 
 Type Code:   PNCK - Parasitic Non-Resident .COM Infector 
 Detection Method:  ViruScan, Sweep, F-Prot, AVTK, NAV, 
                    IBMAV, NAVDX, VAlert, PCScan, ChAV, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Grapje, 1012 + 127, 1039, or Dutch 1039 virus was received from 
       Jan Terpstra of The Netherlands in September, 1991.  Grapje is a 
       non-resident direct action infector of .COM files, including 
       COMMAND.COM. 
 
       When a program infected with Grapje is executed, the virus will 
       search the current directory looking for an uninfected .COM file 
       to infect.  If an uninfected .COM file is found, it will become 
       infected.  If COMMAND.COM exists in the current directory, it may 
       become infected with Grapje.  If an uninfected file was not found 
       in the current directory, then Grapje will search the disk's 
       directory structure looking for an uninfected file to infect. 
 
       Programs infected with Grapje increase in size by 1,039 bytes.  The 
       virus will be located at the beginning of the infected file.  There 
       will be no visible change to the file's date and time in the DOS 
       disk directory.  The following text strings can be found within 
       the Grapje virus in infected files: 
 
               "????????COM" 
               "*.com" 
               "GRAPJE!!" 
 
       Execution of some infected programs will result in a system hang. 
       When the system hang occurs, two .COM programs will have been 
       infected by Grapje, instead of the usual one. 
 
       Occassionally, Grapje will display a screen effect when an infected 
       program is executed.  Randomly, Grapje will fill the screen buffer 
       with random data from memory, scrolling the system display.  When 
       this occurs, the only way to stop it is to reboot the system. 
       Additionally, the virus contains code to display the "GRAPJE!!" 
       string repeatedly, scrolling the screen after 30 days have elasped 
       since the time the user started to execute the program.  Unless the 
       user started to execute the program right before midnight on the 
       last day of a month, and at exactly the right split second, this 
       display will never be seen.

Show viruses from discovered during that infect .

Main Page