Green Caterpillar-1989 Virus


 Virus Name:  Green Caterpillar-1989 
 Aliases:     Thriller 
 V Status:    Rare 
 Discovered:  February, 1994 
 Symptoms:    .COM & .EXE file growth; file date/time changes; 
              decrease in total system & available free memory 
 Origin:      Unknown 
 Eff Length:  1,991 - 2,005 Bytes 
 Type Code:   PRhAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  ViruScan, F-Prot, AVTK, NAV, NAVDX, 
                    IBMAV, Sweep, VAlert, PCScan, ChAV, 
                    NShld, NProt, AVTK/N, NAV/N, IBMAV/N, Sweep/N, LProt, 
                    Innoc 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Green Caterpillar-1989 virus was received in February, 1994.  Its 
       origin or point of isolation is unknown.  This virus is a memory 
       resident infector of .COM and .EXE programs, including COMMAND.COM. 
       It is based on the  1575  or Green Caterpillar virus. 
 
       When the first Green Caterpillar-1989 infected program is executed, 
       this virus will become memory resident at the top of system memory 
       but below the 640K DOS boundary, not moving interrupt 12's return. 
       Total system and available free memory, as indicated by the DOS CHKDSK 
       program, will have decreased by 2,256 bytes.  Interrupt 21 will be 
       hooked by the virus in memory.  Also at this time, the virus will 
       infect the copy of COMMAND.COM located in the C: drive root directory 
       if it was not previously infected. 
 
       Once memory resident, the Green Caterpillar-1989 virus will infect 
       .COM and .EXE programs when they are executed, as well as one file 
       included in the target directory of DOS DIR commands.  Programs 
       infected with this virus will have a file length increase of 1,991 to 
       2,005 bytes with the virus being located at the end of the file.  The 
       program's date and time in the DOS disk directory listing will have 
       been updated to the current system date and time when infection 
       occurred.  The following text strings are visible within the viral 
       code in all Green Caterpillar-1989 infected files: 
 
               "Bloody!   June  4th 
               "Made in Chengdun/" 
               "/t/h/e/ /e/y/e/s/,/y/o/u/'/r/e/ /p/a/r/a/l/y/z" 
               "It's close to midnight and something, 
                evil's lurking in the dark." 
               "Under the moonlight you see a sight, 
                that almost stops your heart." 
               "You try to scream but terror, 
                takes the sound before you make it." 
               "You start to freeze as horror looks." 
               "You right between the eyes,you're paralyzed." 
               "Cause this is thriller,thriller night, 
                and no one's gonna save you from the beast about to strike." 
               "You know it's thriller night. 
                You're fighting for your life!...(LHB)?!" 
 
       It is unknown what Green Caterpillar-1989 does besides replicate. 
 
       See:   1575

Show viruses from discovered during that infect .

Main Page