Graveyard-479 Virus


 Virus Name:  Graveyard-479 
 Aliases:    
 V Status:    Rare 
 Discovered:  July, 1993 
 Symptoms:    .COM file growth; 
              decrease in total system & available free memory 
 Origin:      Norway 
 Eff Length:  479 Bytes 
 Type Code:   PRtCK - Parasitic Resident .COM Infector 
 Detection Method:  ViruScan, F-Prot, NAVDX, NAV, AVTK 7.68+, 
                    NShld, NAV/N, AVTK/N 7.68+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Graveyard-479 virus was received from Norway in July, 1993. 
       It is a memory resident infector of .COM programs, including 
       COMMAND.COM. 
 
       When the first Graveyard-479 infected program is executed, the 
       Graveyard-479 virus will install itself memory resident at the 
       top of system memory but below the 640K DOS boundary, moving 
       interrupt 12's return.  Total system and available free memory, 
       as indicated by the DOS CHKDSK program, will have decreased by 
       1,024 bytes.  This virus directly hooks interrupt 21, though mapping 
       programs will not show the virus having hooked this interrupt. 
 
       Once the Graveyard-479 virus is memory resident, it will infect 
       .COM programs, including COMMAND.COM, when they are executed. 
       Infected programs will have a file length increase of 479 bytes 
       with the virus being located at the end of the file.  The program's 
       date and time in the DOS disk directory listing will not be 
       altered.  The following text strings are encrypted within the 
       Graveyard-479 viral code: 
 
               "Graveyard!" 
               "TCP1/X" 
 
       It is unknown what Graveyard-479 may do besides replicate. 
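
Added example (not part of the original entry): a baseline comparison that flags .COM files that grew by exactly 479 bytes while their directory date and time stayed the same, the pattern described above, and shows that a timestamp-only change check does not notice them. The manifest layout, paths, sizes and timestamps are constructed for illustration.

```python
from typing import Dict, List, NamedTuple

GROWTH = 479  # effective length given in the entry above


class Entry(NamedTuple):
    size: int   # file length in bytes
    mtime: int  # directory date/time as an integer (constructed values)


Manifest = Dict[str, Entry]


def changed_by_mtime(baseline: Manifest, current: Manifest) -> List[str]:
    """Naive check: report files whose directory timestamp changed."""
    return sorted(p for p, e in current.items()
                  if p in baseline and e.mtime != baseline[p].mtime)


def suspect_com_growth(baseline: Manifest, current: Manifest,
                       growth: int = GROWTH) -> List[str]:
    """Report .COM files that grew by `growth` bytes with an unchanged timestamp."""
    hits = []
    for path, now in current.items():
        before = baseline.get(path)
        if before is None or not path.upper().endswith(".COM"):
            continue
        if now.size - before.size == growth and now.mtime == before.mtime:
            hits.append(path)
    return sorted(hits)


# Constructed sample manifests: a clean baseline and a later snapshot.
BASELINE: Manifest = {
    "C:\\COMMAND.COM":    Entry(47845, 700000000),
    "C:\\DOS\\FORMAT.COM": Entry(22717, 700000000),
    "C:\\DOS\\MORE.COM":   Entry(2618, 700000000),
    "C:\\README.TXT":     Entry(1000, 700000000),
}
CURRENT: Manifest = {
    "C:\\COMMAND.COM":    Entry(47845 + 479, 700000000),  # grew, same timestamp
    "C:\\DOS\\FORMAT.COM": Entry(22717 + 479, 700000000),  # grew, same timestamp
    "C:\\DOS\\MORE.COM":   Entry(2650, 740000000),         # ordinary update
    "C:\\README.TXT":     Entry(1479, 700000000),         # not a .COM file
}

if __name__ == "__main__":
    print("timestamp check:", changed_by_mtime(BASELINE, CURRENT))
    print("size check     :", suspect_com_growth(BASELINE, CURRENT))
```

A size match is only a lead for a scanner listed under Detection Method to confirm; other changes can also add 479 bytes to a file.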
