Grunt-1 Virus


 Virus Name:  Grunt-1 
 Aliases:     344 
 V Status:    Rare 
 Discovery:   September, 1992 
 Symptoms:    .COM file growth; sectors overwritten on hard disk 
 Origin:      United States 
 Eff Length:  344 Bytes 
 Type Code:   PNCK - Parasitic Non-Resident .COM Infector 
 Detection Method:  ViruScan, AVTK, F-Prot, Sweep, NAV, IBMAV, ChAV, 
                    NAVDX, VAlert, PCScan, 
                    NShld, LProt, Sweep/N, AVTK/N, NAV/N, NProt, IBMAV/N, 
                    Innoc 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Grunt-1 virus was received in September, 1992.  It is originally 
       from the United States.  The Grunt-1 virus is a non-resident 
       direct action infector of .COM programs, including COMMAND.COM. 
 
       When a program infected with the Grunt-1 virus is executed, the 
       Grunt-1 virus will infect one .COM program located in the current 
       directory.  Infected programs will have a file length increase 
       of 344 bytes with the virus being located at the end of the file. 
       The program's date and time in the DOS disk directory listing will 
       not be altered.  The following text string is encrypted within the 
       viral code, and is not visible in infected programs: 
 
               "[GRUNT-1] -=> Agent Orange '92 <=- *.com .." 
 
       The Grunt-1 virus activates when an infected program is executed 
       after January 1, 1993.  At that time, the virus will overwrite 
       random sectors on the system hard drive (C:, D:, and E:). 
 
       Known variant(s) of Grunt-1 are: 
       Grunt-1B: Also received in September, 1992, Grunt-1B is 
                 functionally very similar and contains the same 
                 encrypted text string.  Grunt-1B adds 346 bytes to the 
                 .COM programs it infects. 
                 Origin:  United States  September, 1992. 
       Grunt-3: Received in February, 1993, Grunt-3 is a later version 
                of the Grunt-1 virus.  It infects one .COM program located 
                in the current or a higher directory when an infected 
                program is executed.  Infected programs will have a file 
                length increase of 473 bytes with the virus being located 
                at the end of the file.  The program's date and time in the 
                DOS disk directory listing will not be altered.  The 
                following text strings are encrypted within the Grunt-3 
                viral code: 
                "[GRUNT-3] -=> Agent Orange `92 <=-" 
                "This is a hot LZ ... Eradicating the Enemy!" 
                "*.COM .." 
                Origin:  United States  February, 1993. 
       Grunt-4: Received in February, 1994, Grunt-4 is a later version 
                of the Grunt-1 virus.  It infects one .COM program located 
                in the current directory when an infected program is 
                executed.  Infected programs will have a file length increase 
                of 529 bytes with the virus being located at the end of the 
                file.  The program's date and time in the DOS disk directory 
                listing will not be altered.  The following text strings are 
                encrypted within the Grunt-4 viral code: 
                "[GRUNT-4] *.COM TBFIL.XXX .. -=> Agent Orange `92 <=-" 
                "Nothing like the smell of napalm in the morning!" 
                Origin:  Unknown  February, 1994.

Show viruses from discovered during that infect .

Main Page