Hellraiser Virus


 Virus Name:  Hellraiser 
 Aliases:    
 V Status:    Viron 
 Discovered:  May, 1992 
 Symptoms:    .EXE file corruption; programs fail to execute properly 
 Origin:      Canada 
 Eff Length:  1,580 Bytes 
 Type Code:   ONE - Overwriting Non-Resident .EXE Infector 
 Detection Method:  ViruScan, AVTK, F-Prot, IBMAV, ChAV, 
                    Sweep, NAV, NAVDX, VAlert, PCScan, 
                    NShld, LProt, Sweep/N, Innoc, AVTK/N, IBMAV/N, NAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Hellraiser virus was received in May, 1992.  It is originally 
       from Canada.  This virus is a non-resident, direct action infector 
       of .EXE programs. 
 
       When a program infected with the Hellraiser virus is executed, the 
       virus will check the current drive to determine if more than two 
       subdirectories exist.  If more than two subdirectories exist, the 
       virus will start in the third subdirectory and check for two 
       uninfected .EXE programs to infect. 
 
       Hellraiser infected .EXE programs will have the first 1,580 bytes 
       of the host program overwritten with the Hellraiser virus viral 
       code, permanently damaging them.  There will be no change to the 
       file's length unless the file was originally smaller than 1,580 
       bytes in length.  In the case of the host program originally being 
       smaller than 1,580 bytes in length, it will become 1,580 bytes 
       in length.  The file's date and time in the DOS disk directory 
       listing will not have been altered. 
 
       Programs smaller than 64K which are infected with the Hellraiser 
       virus will return the user to the DOS prompt when the user attempts 
       to execute them.  Programs which are larger than 64K will receive 
       a "Program too big to fit in memory" message when the user attempts 
       to execute them.

Show viruses from discovered during that infect .

Main Page