Ilja-1704 Virus


 Virus Name:  Ilja-1704 
 Aliases:    
 V Status:    Rare 
 Discovered:  January, 1994 
 Symptoms:    .COM file growth; file date/time changes 
 Origin:      Unknown 
 Eff Length:  1,704 Bytes 
 Type Code:   PRaCK - Parasitic Resident .COM Infector 
 Detection Method:  AVTK, F-Prot, ViruScan, Sweep, IBMAV, NAV, 
                    NAVDX, VAlert, ChAV, 
                    NProt, Sweep/N, NShld, AVTK/N, IBMAV/N, Innoc, NAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Ilja-1704 virus was received in January, 1994.  Its origin or 
       point of isolation is unknown.  Ilja-1704 is a memory resident 
       infector of .COM programs, including COMMAND.COM. 
 
       When the first Ilja-1704 infected program is executed, it will 
       install itself memory resident in available free memory at 
       8E00:0000.  Interrupts 16, 21, and 4C will be hooked by the virus 
       in memory. 
 
       Once the Ilja-1704 virus is memory resident, it will infect .COM 
       programs, including COMMAND.COM, when they are executed.  Infected 
       programs will have a file length increase of 1,704 bytes with the 
       virus being located at the end of the file.  The program's date and 
       time in the DOS disk directory listing will have been updated to the 
       current system date and time when infection occurred.  The following 
       text strings are encrypted within the Ilja-1704 viral code: 
 
               "COM" 
               "EXE" 
     
       Additionally, the text string "CR" can be found starting in the 
       fourth byte of all infected files.

Show viruses from discovered during that infect .

Main Page