Groz-999 Virus


 Virus Name:  Groz-999 
 Aliases:    
 V Status:    Rare 
 Discovered:  November, 1993 
 Symptoms:    .COM & .EXE growth; 
              decrease in total system & available free memory 
 Origin:      Unknown 
 Eff Length:  999 - 1,096 Bytes 
 Type Code:   PRhAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  F-Prot, AVTK, Sweep, ViruScan, 
                    NAV, NAVDX, VAlert, IBMAV, ChAV, 
                    Sweep/N, NShld, AVTK/N, NAV/N, IBMAV/N, Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Groz-999 virus was received in November, 1993.  Its origin or 
       point of isolation is unknown.  Groz-999 is a memory resident 
       infector of .COM and .EXE programs, including COMMAND.COM. 
 
       When the first Groz-999 infected program is executed, the virus 
       installs itself memory resident at the top of system memory but 
       below the 640K DOS boundary, without changing the value returned 
       by interrupt 12.  Total system and available free memory, as 
       indicated by the DOS CHKDSK program, will have decreased by 
       4,096 bytes.  The virus hooks interrupts 24 and 81 in memory. 
 
       Once memory resident, the Groz-999 virus will infect .COM and .EXE 
       programs when they are executed.  Infected programs increase in size 
       by 999 to 1,096 bytes with the virus being located at the end of the 
       file.  The program's date and time in the DOS disk directory listing 
       will not be altered.  One text string is encrypted within the viral 
       code: 
 
               "AIDSTEST" 
 
       It is unknown what Groz-999 does besides replicate. 
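
The file symptoms described above (growth of 999 to 1,096 bytes on .COM and .EXE programs with an unchanged directory date and time) can be checked against a saved baseline of a directory. The following is an added example, not part of the original entry; the `Entry` record, the function name and the sample listings are constructed for illustration.

```python
"""Flag files whose change since a baseline matches the Groz-999 description."""
from dataclasses import dataclass

GROWTH_MIN, GROWTH_MAX = 999, 1096   # effective length range from the entry
TARGET_EXTS = (".COM", ".EXE")       # file types the entry says are infected


@dataclass(frozen=True)
class Entry:
    size: int        # bytes, as shown in the directory listing
    stamp: str       # date and time as shown in the directory listing


def suspicious_growth(baseline, current):
    """Return sorted names of .COM/.EXE files that grew by 999-1,096 bytes
    while their directory date and time stayed the same."""
    hits = []
    for name, now in current.items():
        before = baseline.get(name)
        if before is None or not name.upper().endswith(TARGET_EXTS):
            continue
        growth = now.size - before.size
        if GROWTH_MIN <= growth <= GROWTH_MAX and now.stamp == before.stamp:
            hits.append(name)
    return sorted(hits)


# Constructed sample data (not taken from a real system).
BASELINE = {
    "COMMAND.COM": Entry(47845, "1991-04-09 05:00"),
    "EDIT.COM": Entry(413, "1991-04-09 05:00"),
    "CHKDSK.EXE": Entry(16200, "1991-04-09 05:00"),
    "NOTES.TXT": Entry(2000, "1993-10-01 12:00"),
    "TOOL.EXE": Entry(9000, "1993-09-15 08:30"),
}
CURRENT = {
    "COMMAND.COM": Entry(48844, "1991-04-09 05:00"),  # +999, same stamp
    "EDIT.COM": Entry(413, "1991-04-09 05:00"),       # unchanged
    "CHKDSK.EXE": Entry(17296, "1991-04-09 05:00"),   # +1096, same stamp
    "NOTES.TXT": Entry(3000, "1993-10-01 12:00"),     # +1000, not a program
    "TOOL.EXE": Entry(10000, "1993-11-20 10:00"),     # +1000, new stamp
}

if __name__ == "__main__":
    for name in suspicious_growth(BASELINE, CURRENT):
        print("review:", name)
```

A match only narrows down which files to hand to one of the scanners listed under Detection Method; size growth alone does not identify the virus.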
