Halka Virus

Virus Name: Halka Aliases: Halka.1000 V Status: New Discovered: July, 1995 Symptoms: .COM file growth; file date/time changes Origin: Argentina Eff Length: 1,000 Bytes Type Code: PNCK - Parasitic Non-Resident .COM Infector Detection Method: F-Prot, AVTK, VAlert, Sweep, NAV, NAVDX, IBMAV, ViruScan, PCScan, ChAV, Sweep/N, NAV/N, AVTK/N, IBMAV/N, NShld, NProt, Innoc Removal Instructions: Delete infected files General Comments: The Halka virus was received in July, 1995, and appears to be from Argentina. Halka is a non-resident, direct action infector of .COM files, including COMMAND.COM. When a program infected with the Halka virus is executed, this virus will infect one .COM file located in the current directory. Infected files will have a file length increase of 1,000 bytes with the virus being located at the end of the file. The program's date and time in the DOS disk directory listing will have been updated to the current system date and time when infection occurred. The following text strings are visible within the viral code: "*.C?M" "Estes es el virus 786 Version 1" "Echo por -->" "/A.H.D. HALKA/. Industria Argentina" "Quemen al mu¤eco del `94!" "OHH NO, ME HA DESCUBIERTO!!!" Known variant(s) of Halka are: Halka.720: Received in January, 1996, this is a 720 byte variant of the Halka virus described above. It infects one .COM file located in the current directory when an infected program is executed. Infected files will have a file length increase of 720 bytes with the virus being located at the end of the file. The program's date and time in the DOS disk directory listing will have been updated to the current system date and time when infection occurred. The following text string is encrypted within the viral code: "Aqui no estoy!" Origin: Unknown January, 1996.