Hell Virus


 Virus Name:  Hell 
 Aliases:     Year-6545, Hell-892, Pixel-897, Pixel-899, Pixel-899B, 
              Pixel-905 
 V Status:    Rare 
 Discovered:  May, 1991 
 Symptoms:    .COM file growth; file date/time changes 
 Origin:      Europe 
 Eff Length:  936 Bytes 
 Type Code:   PNCK - Parasitic Non-Resident .COM Infector 
 Detection Method:  ViruScan, AVTK, F-Prot, Sweep, NAV, IBMAV, 
                    NAVDX, VAlert, PCScan, ChAV, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Hell Virus was received from Europe in May, 1991.  Hell is a 
       non-resident direct action infector of .COM programs, including 
       COMMAND.COM. 
 
       When a program infected with Hell is executed, the virus will 
       search the current directory and infect all .COM programs found. 
       If COMMAND.COM is present in the current directory, it will be 
       infected.  A portion of the virus will remain in memory, hooking the 
       system clock. 
 
       Programs infected with Hell will increase in size by 936 bytes, the 
       virus will be located at the beginning of infected programs.  The 
       file's date and time in the DOS disk directory will also have been 
       updated to the system date and time when infection occurred. 
       Programs which are infected with Hell will contain the following 
       text strings: 
 
               "COMMAND.COM*.COM" 
               "WBO" 
               "Fucking Hell:What a smelly ass hole!!Do you want to fuck!!! 
                HaHaHa... What a Good Friday!!" 
  
       Hell is actually shorter in length than 936 bytes, the additional 
       length added by the virus will contain some text or program code 
       from a previous infection. 
 
       This virus is a variant of the Amstrad viruses, and some anti-viral 
       programs may detect it as such. 
 
       Hell and its variants can be destructive when they activate, 
       formatting the first track of the current drive. 
 
       Known variant(s) of Hell are: 
       Hell-892: Functionally equivalent to the virus described 
                 above, this variant adds 892 bytes to infected files. 
       Pixel-897: Pixel-897 is an 897 byte variant of the Hell virus. 
                 It infects all .COM files including COMMAND.COM in the 
                 current directory each time an infected program is 
                 executed.  Infected files will have a file length increase 
                 of 897 bytes, and their date and time in the DOS disk 
                 directory will have been updated.  Text strings found 
                 in infected files are: 
                 "WBO" 
                 "COMMAND.COM*.COM" 
                 "Fucking Hell: What a smelly ass hole!!" 
                 "Do you want to fuck it!!!" 
                 When Pixel-897 activates, it displays the last two text 
                 strings as a message, and overwrites the first track 
                 of the current drive, formatting it. 
                 Origin:  Europe  November, 1991 
       Pixel-899: Functionally equivalent to Pixel-897, this variant 
                  adds 897 bytes to files it infects. 
                  Origin:  Europe  November, 1991 
       Pixel-899B: Pixel-899B is similar to Pixel-899, with the 
                   exception that when it activates, it displays its message 
                   but does not format the first track of the current drive. 
                   Origin:  Europe  November, 1991. 
       Pixel-905: Pixel-905 is an 905 byte variant of Pixel-897 which 
                  is functionally equivalent, with the exception that 
                  infected files will have increased in size by 905 bytes. 
                  Origin:  Europe  November, 1991. 
 
       See:   Amstrad   Pixel   Silly   Silly-365

Show viruses from discovered during that infect .

Main Page