Infector Virus
Virus Name: Infector
Aliases:
V Status: Rare
Discovered: December, 1992
Symptoms: .COM file growth; file date/time changes; system hangs
Origin: USSR
Eff Length: 822 - 837 Bytes
Type Code: PNCK - Parasitic Non-Resident .COM Infector
Detection Method: AVTK, IBMAV, Sweep, F-Prot, ViruScan, VAlert, NAV, NAVDX,
PCScan, ChAV, Sweep/N, NShld, Innoc, NProt, AVTK/N, LProt, IBMAV/N, NAV/N
Removal Instructions: Delete infected files
General Comments:
The Infector virus was submitted in December, 1992. It is originally
from the USSR. Infector is a non-resident, direct action infector of
.COM programs, including COMMAND.COM.

When a program infected with the Infector virus is executed, the
virus will infect one .COM program located in the current
directory. Infected programs will have a file length increase of
822 - 837 bytes, with the virus being located at the end of the file.
The program's date and time in the DOS disk directory listing will
have been updated to the current system date and time. The following
text string can be found in all Infector-infected programs:

"*.COM"

Systems infected with the Infector virus will experience frequent
system hangs when infected programs are executed.

Known variant(s) of Infector are:

AReg-822: Received in November, 1993, AReg-822 is based on the
Infector virus described above. Each time an infected program is
executed, it infects one .COM file in the current directory, plus
the copy of COMMAND.COM pointed to by the COMSPEC environment
variable if that copy is not already infected. Infected programs
increase in size by 822 to 837 bytes, with the virus being located
at the end of the file. The program's date and time in the DOS disk
directory listing will have been updated to the current system date
and time when infection occurred. The following text strings are
visible within the AReg-822 viral code:

"*.com OMSPEC"
".com"
"(C) 1993 AREG Soft"

Origin: Unknown November, 1993.
See: Hallo-496
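
Added example (not part of the original entry): a baseline integrity check that flags .COM files showing the symptoms listed above for Infector and AReg-822, namely growth of 822 - 837 bytes, a changed timestamp, and the quoted text strings inside the appended data. It assumes a size/timestamp baseline was recorded while the system was clean; the function names and the sample files are constructed for illustration.

```python
import os
import tempfile

GROWTH = range(822, 838)  # effective length given in the entry: 822 - 837 bytes
# Strings quoted in the entry, lower-cased. "*.com" is common in clean programs,
# so it only counts when found in data appended to a file that grew in range.
MARKERS = (b"*.com", b"(c) 1993 areg soft")

def snapshot(directory):
    """Record size and mtime of every .COM file (baseline from a clean system)."""
    snap = {}
    for name in os.listdir(directory):
        if name.lower().endswith(".com"):
            st = os.stat(os.path.join(directory, name))
            snap[name] = (st.st_size, st.st_mtime_ns)
    return snap

def check(directory, baseline):
    """Return {name: [indicators]} for files matching the entry's symptoms."""
    findings = {}
    for name, (old_size, old_mtime) in baseline.items():
        path = os.path.join(directory, name)
        if not os.path.exists(path):
            continue
        st = os.stat(path)
        growth = st.st_size - old_size
        if growth not in GROWTH:
            continue
        hits = [f"grew by {growth} bytes"]
        if st.st_mtime_ns != old_mtime:
            hits.append("timestamp changed")
        with open(path, "rb") as fh:
            fh.seek(old_size)              # the added data sits at the end
            tail = fh.read().lower()
        hits += [f"marker {m!r} in appended data" for m in MARKERS if m in tail]
        findings[name] = hits
    return findings

def demo():
    """Constructed sample files: filler bytes only, no virus code."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("A.COM", "B.COM", "C.COM"):
            path = os.path.join(d, name)
            with open(path, "wb") as fh:
                fh.write(b"\x90" * 1000)
            os.utime(path, (725846400, 725846400))  # give the files an old date
        base = snapshot(d)
        with open(os.path.join(d, "A.COM"), "ab") as fh:  # 830 bytes appended
            fh.write(b"\x00" * 400 + b"*.COM" + b"\x00" * 425)
        with open(os.path.join(d, "B.COM"), "ab") as fh:  # growth outside range
            fh.write(b"\x00" * 100)
        return check(d, base)
```

Growth in range is the trigger; the timestamp and string indicators only add weight to a file that already matched on size.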