Halloween Virus


 Virus Name:  Halloween 
 Aliases:     Happy Halloween 
 V Status:    Rare 
 Discovered:  December, 1991 
 Symptoms:    .COM & .EXE growth; very slow program loads; Runtime errors 
 Origin:      Unknown 
 Eff Length:  10,000 Bytes 
 Type Code:   PNAK - Non-Resident Parasitic .COM &.EXE Infector 
 Detection Method:  ViruScan, Sweep, AVTK, F-Prot, ChAV, 
                    NAV, IBMAV, NAVDX, VAlert, PCScan, 
                    NShld, Sweep/N, Innoc, AVTK/N, NAV/N, NProt, IBMAV/N, 
                    LProt 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Halloween, or Happy Halloween, virus was received in December, 
       1991.  Its origin, or point of original isolation, is unknown. 
       Halloween is a direct action infector of .COM and .EXE files, 
       including COMMAND.COM. 
 
       When a program infected with the Halloween virus is executed, the 
       virus will search the current directory for an infected .EXE file 
       over approximately 10K in size to infect.  If one is found, the 
       Halloween virus will infect it.  If an uninfected .EXE file is not 
       found, the virus will then search the current directory for an 
       uninfected .COM program over approximately 10K in size to infect. 
       If an uninfected .COM program is then found, it will infect it. 
       If all of the candidate .COM and .EXE programs over 10K in size 
       have previously been infected, the user may receive the following 
       error message, and be returned to the DOS prompt: 
 
               "Runtime error 002 at 0000:0511" 
 
       Halloween infected programs will have a file length increase of 
       10,000 bytes.  The virus will be located at the beginning of the 
       infected file.  The file's date and time in the DOS disk directory 
       listing will not have been altered.  The following text strings 
       can be found within the viral code of Halloween infected files: 
  
               "*.*" 
               "ALL   GONE" 
               "Happy Halloween" 
 
       The Halloween virus activates when an infected program is executed 
       on October 31st.  At that time a 10,000 byte file with a blank 
       file name will be created in the current directory with the current 
       system date and time.  This file will contain pure virus code.  The 
       user will then receive the following error message: 
 
               "Runtime error 150 at 0000:0AC8" 
 
       Halloween infected systems will experience extremely slow program 
       loads when an infected program is executed.  It is not unusual for 
       these program loads to last 2 to 5 minutes.

Show viruses from discovered during that infect .

Main Page