Happy New Year Virus


 Virus Name:  Happy New Year 
 Aliases:     Happy N.Y., V1600, 1600, Dear Nina 
 V Status:    Rare 
 Discovered:  December, 1989 
 Symptoms:    TSR; .COM & .EXE growth; floppy boot sector altered; 
              boot failures; bad or missing command interpreter message 
 Origin:      Bulgaria 
 Eff Length:  1,600 Bytes 
 Type Code:   PRsAK - Resident Parasitic .COM & .EXE Infector 
 Detection Method:  ViruScan, AVTK, F-Prot, NAV, Sweep, 
                    IBMAV, NAVDX, VAlert, PCScan, ChAV, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Happy New Year, or V1600, virus was submitted in December, 1990. 
       This virus is originally from Bulgaria, and is a memory resident 
       infector of .COM and .EXE files.  It will infect COMMAND.COM. 
 
       The first time a program infected with the Happy New Year virus is 
       executed, the virus will install itself memory resident as a 2,432 
       bytes low system memory TSR.  Interrupt 21 will be hooked by the 
       virus.  At this time, the virus will also make a slight alteration 
       to the floppy boot sector, and infect COMMAND.COM.  Infected 
       COMMAND.COM files will not show a file length increase as the virus 
       will overwrite a portion of the hex 00 section of the file.  The 
       altered floppy boot sector does not contain a copy of the virus, and 
       is not infectious. 
 
       Once Happy New Year is memory resident, it will infect .COM and .EXE 
       programs as they are executed.  Infected programs will increase in 
       length by 1,600 bytes and have the virus located at the end of the 
       infected file. 
 
       The following text message can be found in infected programs: 
 
               "Dear Nina, you make me write this virus; Happy new year!" 
               "1989" 
 
       This message is not displayed by the virus. 
 
       Systems infected with the Happy New Year virus may fail to boot, 
       receiving a "Bad or missing command interpreter" message if 
       COMMAND.COM is infected on the boot diskette or hard drive. 
 
       It is unknown if Happy New Year carries any destructive capabilities. 
 
       Known variant(s) of Happy New Year are: 
       Happy New Year B: Similar to Happy New Year, this variant has five 
                         bytes which differ from the original virus.  Unlike 
                         Happy New Year, COMMAND.COM will only be infected 
                         if it is executed for some reason.

Show viruses from discovered during that infect .

Main Page