A-Bomb Virus


 Virus Name:  A-Bomb 
 Aliases:    
 V Status:    New 
 Discovery:   July, 1994 
 Symptoms:    .COM file growth; DOS CHKDSK file allocation errors; 
              decrease in total system & available free memory; 
              file date/time seconds = "62" 
 Origin:      Unknown 
 Eff Length:  878 Bytes 
 Type Code:   PRhCK - Parasitic Resident .COM Infector 
 Detection Method:  AVTK, IBMAV, Sweep, F-Prot, ViruScan, 
                    NAV, NAVDX, VAlert, PCScan, ChAV, 
                    Sweep/N, AVTK/N, NProt, NShld, IBMAV/N, NAV/N, LProt, 
                    Innoc 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The A-Bomb virus was received in July, 1994.  Its origin or point of 
       isolation is unknown.  A-Bomb is a memory resident stealth virus 
       which infects .COM files, including COMMAND.COM. 
 
       When the first A-Bomb infected program is executed, this virus will 
       install itself memory resident at the top of system memory but below 
       the 640K DOS boundary, not moving interrupt 12's return.  Total system 
       and available free memory, as indicated by the DOS CHKDSK program, 
       will have decreased by 1,808 bytes.  Interrupt 21 will be hooked by 
       the virus in memory.  The virus also infects COMMAND.COM at this 
       time if it was not previously infected. 
 
       Once the A-Bomb virus is memory resident, it will infect .COM files 
       when they are executed or opened for any reason.  Infected programs 
       will have a file length increase of 878 bytes, though the file 
       length increase will be hidden when the virus is memory resident.  The 
       virus will be located at the end of the infected file.  The program's 
       date and time in the DOS disk directory listing will not appear to be 
       altered, though the seconds field will have been set to "62".  The 
       following text string is encrypted within the A-Bomb viral code: 
 
               "[A-BOMB V1.0á] By Mnemonix 1994" 
 
       Users of systems infected with the A-Bomb virus may notice that some 
       programs or batch files may execute twice when the user runs them. 
       The DOS CHKDSK program will return file allocation errors on all 
       infected files when the virus is memory resident.  This virus may 
       also interfer with the functioning of some anti-viral utilities when 
       it is memory resident.

Show viruses from discovered during that infect .

Main Page