HLLC Virus


 Virus Name:  HLLC 
 Aliases:     HLLC.4658 
 V Status:    New 
 Discovered:  June, 1997 
 Symptoms:    hidden companion .COM files created 
 Origin:      Unknown 
 Eff Length:  4,658 Bytes 
 Type Code:   SNE - Companion Or Spawning .EXE Infector 
 Detection Method:  AVTK, ViruScan, NAVDX, NAV, 
                    AVTK/N, NAV/N 
 Removal Instructions:  Delete infected hidden .COM files 
 
 General Comments: 
       The HLLC or HLLC.4658 virus was received in June, 1997.  Its origin 
       or point of isolation is unknown.  This virus was written in a 
       high-level languange, hence its name.  HLLC.4658 is a non-resident, 
       direct action companion virus. 
 
       When a program infected by this virus is executed, this virus will 
       infect all of the .EXE files located in the current directory and 
       the C:\DOS directory.  It infects files by creating a companion .COM 
       file with the same base file name, having a .COM extension.  These 
       companion files will be 4,658 bytes in length.  They are not visible 
       in the DOS disk directory as the read only and hidden attributes are 
       set.  The file's date and time will be set to the system date and 
       time when infection occurred.  The following text strings are visible 
       within all infected .COM files: 
 
           "KRAD Virus! by Metabolis/VLAD.." 
           "lame but it works!:)" 
 
       Known variant(s) of HLLC are: 
       HLLC.4000: Also received in June, 1997, this is a 4,000 byte 
           companion virus also written in a high level language.  It 
           infects one .EXE file in the current directory when an infected 
           program is executed by renaming the .EXE file being infected 
           so that the file extension is .OVL.  Once the rename has 
           occurred, the virus then writes a copy of itself with the 
           program being infected's base file name with the .EXE extension. 
           The file's date and time in the DOS disk directory listing 
           will be 1-02-80 6:37:28am for the .EXE file, while the .OVL 
           file will have the program's original date and time.  The 
           following message may also be displayed on the system monitor: 
           "Virus RIDER, Let's go on riding! 
            I beg your pardon, your infected file cannot be executed..." 
           This text is partially encrypted within the viral code. 
           Once all of the .EXE files in a directory have become infected, 
           .EXE programs will once again function properly. 
           Origin:  Unknown  June, 1997.

Show viruses from discovered during that infect .

Main Page