HLLO Virus


 Virus Name:  HLLO 
 Aliases:     HLLO.5071 
 V Status:    New 
 Discovered:  June, 1997 
 Symptoms:    .COM and/or .EXE files overwritten; file date/time changes; 
              programs fail to function properly 
 Origin:      Unknown 
 Eff Length:  Varies (see below) 
 Type Code:   ONAK - Parasitic Non-Resident .COM and/or .EXE Infector 
 Detection Method:  AVTK, ViruScan, 
                    AVTK/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       HLLO is a category of overwritting viruses which were written in 
       a high-level programming language.  They may infect .COM files, 
       .EXE files, or both types of files.  In all cases, the programs 
       fail to function properly once infected by the virus. 
 
       Known HLLO viruses include: 
       HLLO.4891: Also received in June, 1997, this virus is very 
           similar to HLLO.6528, with the exception that it infects two 
           .COM or .EXE files located in the first subdirectory of the 
           C: drive when an infected program is executed.  Infected files 
           will become 4,891 bytes in length and their date and time in 
           the DOS disk directory listing will have been updated to the 
           current system date and time when infection occurred. 
           Origin:  Unknown  June, 1997. 
       HLLO.4928: The HLLO.4928 virus was received in June, 1997, its 
           origin is unknown.  This virus will infect up to two .COM or 
           .EXE files located in the C: drive root directory when an 
           infected program is executed.  Infected programs become 4,928 
           bytes in length and their date and time in the DOS disk 
           directory listing will have been updated to the current system 
           date and time when infection occurred. 
           Origin:  Unknown  June, 1997. 
       HLLO.4980: The HLLO.4980 virus was received in June, 1997, its 
           origin is unknown.  This virus will infect up to four .COM 
           files and four .EXE files in the current directory when an 
           infected program is executed.  Infected programs will have the 
           first 4,980 bytes of the host program overwritten with the 
           viral code.  The file's date and time in the DOS disk directory 
           listing will have been updated to the current system date and 
           time when infection occurred.  The following text strings are 
           partially encrypted within the viral code: 
           "*.exe" 
           "*.com" 
           "*.ov" 
           "Hello, I'm Akarashire II, your computer is very bad." 
           Infected programs will not function properly and are permanently 
           corrupted. 
           Origin:  Unknown  June, 1997. 
       HLLO.5008: The HLLO.5008 virus was received in June, 1997, its 
           origin is unknown.  This virus will infect one .COM file in the 
           current directory when an infected program is executed. 
           Infected programs become 5,008 bytes in length and their date 
           and time in the DOS disk directory listing will have been 
           updated to the current system date and time when infection 
           occurred.  The following text strings are visible within the 
           viral code: 
           "[Num2]" 
           "Gothmog/DHA" 
           Origin:  Unknown  June, 1997. 
       HLLO.5071: The HLLO.5071 virus was received in June, 1997.  It 
           is a non-resident, direct action infector of .COM files.  When 
           an infected program is executed, this virus will infect one 
           .COM file, including possibly COMMAND.COM, located in the 
           current directory.  The file length of all infected programs 
           will become 5,071 bytes.  The file's date and time in the DOS 
           disk directory listing will be set to the system date and time 
           when infection occurred.  The following text strings are 
           partially encrypted within the viral code: 
           "ATTENTION:" 
           "I have been elected to inform you that throughout your process" 
           "collecting and executing files, you have accidentally PHUCKED" 
           "yourself over; again, that's PHUCKED yourself over. No it 
            cannot" 
           "be; YES, it CAN be, a virus has infected your system. Now 
            what do" 
           "you have to say about that? HAHAHAHA. Have PHUN with this one 
            and" 
           "remember, there is NO cure for" 
           "Portions Copyright (c) 1983,92 Borland" 
           Programs infected with this virus will always not function, 
           displaying the message "Program too big to fit in memory", and 
           sometimes display the message from the text above, followed by 
           the word "AIDS" in large block letters. 
           Origin:  Unknown  June, 1997. 
       HLLO.6528: Also received in June, 1997, this virus is very 
           similar to HLLO.5071, with the exception that it infects two 
           .COM or .EXE files located in the first subdirectory of the 
           C: drive when an infected program is executed.  Infected files 
           will become 6,528 bytes in length and their date and time in 
           the DOS disk directory listing will have been updated to the 
           current system date and time when infection occurred. 
           Origin:  Unknown  June, 1997. 
       HLLO.7504: Also received in June, 1997, this virus is very 
           similar to HLLO.5071, with the exception that infected files 
           become 7,504 bytes in length. 
           Origin:  Unknown  June, 1997.

Show viruses from discovered during that infect .

Main Page