Gremlin Virus
Virus Name: Gremlin
Aliases: Greemlin
V Status: Rare
Discovered: May, 1991
Symptoms: .COM & .EXE growth; system slowdown; file dates may disappear; overwrites disks
Origin: Unknown
Eff Length: 1,146 Bytes
Type Code: PRhAK - Parasitic Resident .COM & .EXE Infector
Detection Method: ViruScan, F-Prot, NAV, Sweep, AVTK, IBMAV, NAVDX, VAlert,
PCScan, ChAV, NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N
Removal Instructions: Delete infected files
General Comments:
The Gremlin, or Greemlin, virus was submitted in May, 1991 by the
PCVRF. This virus is a memory resident infector of .COM and .EXE
files, including COMMAND.COM. Its origin is unknown.
The first time a program infected with Gremlin is executed, the
virus will install itself memory resident at the top of system
memory but below the 640K DOS boundary. Interrupt 12's return is
not moved. The virus will hook interrupts 08 and 21.
Once Gremlin is memory resident, it will infect .COM and .EXE files
when they are executed. If COMMAND.COM is executed, it will become
infected. Infected files increase in length by 1,146 bytes with the
virus being located at the end of the program. The increase in file
length will be hidden by the virus if Gremlin is memory resident.
The program's time in the disk directory will disappear if it was
originally 12:00A.
The text string "greemlin" can be found in all infected programs.
Users of infected systems may notice a slight slowdown in speed of
approximately 10%.
Gremlin is a destructive virus. It contains code to overwrite
sectors on the A:, B:, and C: drives on June 14th of any year.
See: Alfa
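
Added example (not part of the original entry, and not code from any of the
scanners listed above): a minimal offline check built from the indicators the
entry gives, namely .COM/.EXE hosts, a 1,146-byte body appended at the end of
the file, and the text string "greemlin". Looking for the string only in the
final 1,146 bytes and matching it in any letter case are assumptions; the
sample files are constructed and contain no virus code.

```python
import os
import tempfile

VIRUS_LEN = 1146          # effective length of the appended body, per the entry
MARKER = b"greemlin"      # text string the entry says is in every infected program
TARGET_EXT = {".com", ".exe"}

def tail_has_marker(path, window=VIRUS_LEN):
    """Return True if the last `window` bytes of the file contain the marker."""
    size = os.path.getsize(path)
    if size <= VIRUS_LEN:       # a host plus the appended body exceeds 1,146 bytes
        return False
    with open(path, "rb") as fh:
        fh.seek(size - window)
        tail = fh.read(window)
    # Assumption: the entry prints the string in lower case; match any case.
    return MARKER in tail.lower()

def scan_tree(root):
    """Walk `root` and return sorted paths of .COM/.EXE files flagged as suspect."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in TARGET_EXT:
                full = os.path.join(dirpath, name)
                if tail_has_marker(full):
                    hits.append(full)
    return sorted(hits)

def build_constructed_samples(root):
    """Write inert, constructed test files (marker string only, no virus code)."""
    host = b"\x90" * 2000
    fake_tail = b"\x00" * 500 + MARKER + b"\x00" * (VIRUS_LEN - 508)
    samples = {
        "CLEAN.COM": host,
        "SUSPECT.COM": host + fake_tail,         # marker inside last 1,146 bytes
        "SUSPECT.EXE": b"MZ" + host + fake_tail,
        "MANUAL.TXT": host + fake_tail,          # wrong extension: ignored
        "EARLY.COM": MARKER + host,              # marker outside the tail: ignored
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_samples(tmp)
        for path in scan_tree(tmp):
            print("suspect:", path)
```

A string match like this only marks a file for closer inspection. Read the
files from a clean boot or a disk image, since the entry notes that a resident
Gremlin hides the increase in file length.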