Green Peace Virus


 Virus Name:  Green Peace 
 Aliases: 
 V Status:    Viron 
 Discovered:  April, 1991 
 Symptoms:    .EXE files overwritten; message displayed; system hangs; 
              additional files located on disk; file date/time changes 
 Origin:      United States 
 Eff Length:  15,022 Bytes 
 Type Code:   ONE - Overwriting Non-Resident .EXE Infector 
 Detection Method: NAV, NAVDX, ViruScan, AVTK 7.68+, 
                   NAV/N, NShld 2.33+, AVTK/N 7.68+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Green Peace virus was received in April 1991 from a United 
       States source.  This virus is a non-resident overwriting virus which 
       infects .EXE programs.  It is a research virus, its original source, 
       as well as an infected .COM file arrived as the original submission. 
 
       When a program infected with Green Peace is infected, the virus will 
       infect all .EXE programs located in the current directory by 
       overwriting the first 15,022 bytes with the virus.  If the .EXE 
       program was originally smaller than 15,022 bytes, its length on 
       infection will be 15,022 bytes.  Larger files will not have any file 
       size increase.  The date and time of infected files will be updated 
       to the system date and time when infection occurred.  All infected 
       .EXE files will contain the following text near the beginning of the 
       program: 
 
               "Green PeaceGreen Peace" 
 
       After infecting all of the .EXE files in the current directory, the 
       virus will then scroll the system display and display the message 
       "Green Peace" in the middle of the screen.  The system will then 
       appear to be hung until CTRL-C is hit several times. 
 
       Two additional files can be found in disk directories containing 
       programs infected with Green Peace.  These files are named INH and 
       7.EXE.  The INH file contains a list of all files in the current 
       directory which are infected.  7.EXE contains a pure copy of the 
       Green Peace virus. 
 
       The original sample received of this virus is a .COM file which 
       "drops" the Green Peace virus.  It does not contain the above text 
       string, but instead contains the text string "GREEN". 
 
       Green Peace does not do anything besides replicate (overwriting its 
       host) and displaying its message.

Show viruses from discovered during that infect .

Main Page