Idle Virus

Virus Name: Idle Aliases: V Status: Rare Discovered: January, 1992 Symptoms: .COM & .EXE growth; decrease in total system and available free memory; system hangs; unexpected system reboots Origin: Unknown Eff Length: 2,332 or 2,859 Bytes Type Code: PRhA - Parasitic Resident .COM & .EXE Infector Detection Method: ViruScan, Sweep, F-Prot, AVTK, PCScan, NAV, IBMAV, NAVDX, VAlert, ChAV, NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N Removal Instructions: Delete infected files General Comments: The Idle virus was received in January, 1992. Its origin or point of isolation is unknown. Idle is a memory resident infector of .COM and .EXE programs. It does not infect COMMAND.COM. The first time a program infected with the Idle virus is executed, this virus will install itself memory resident at the top of system memory but below the 640K DOS boundary. Interrupt 12's return will not have been moved. Total system and available free memory, as indicated by the DOS CHKDSK program, will have decreased by 3K. Interrupts 08, 21, and 28 will be hooked by Idle in memory. Once the Idle virus is memory resident, it will infect .COM and .EXE programs when they are executed or opened for any reason. .COM programs will increase in size by 2,332 bytes with the virus being located at the beginning of the infected file. .EXE programs will increase in size by 2,859 bytes with the virus being located at the end of the infected file. In both cases, there will be no change to the file's date and time in the DOS disk directory listing. The following text string can be found within the viral code in all infected programs: "PATH=COMMAND COMEXE*.*" Systems infected with the Idle virus will experience unexpected system hangs and warm reboots when the user attempts to execute programs.