It Virus


 Virus Name:  It 
 Aliases:     Coahuila 
 V Status:    Rare 
 Discovered:  August, 1992 
 Symptoms:    .COM & .EXE growth 
 Origin:      Mexico 
 Eff Length:  454 Bytes 
 Type Code:   PNCK - Parasitic Non-Resident .COM Infector 
 Detection Method:  ViruScan, F-Prot, Sweep, NAV, IBMAV, 
                    AVTK, NAVDX, VAlert, PCScan, ChAV, 
                    NShld, Sweep/N, NAV/N, NProt, AVTK/N, IBMAV/N, Innoc, 
                    LProt 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The It virus was isolated in Mexico in August, 1992.  This virus 
       is a non-resident direct action infector of .COM programs, including 
       COMMAND.COM. 
 
       When a program infected with the It virus is executed, this virus 
       will infect one previously uninfected .COM program located in the 
       current directory.  Once it has completed infecting all .COM 
       programs in the current directory, it will start infecting .COM 
       programs located on the system path.  Infected programs will have 
       a file length increase of 454 bytes with the virus being located at 
       the end of the infected program.  The file's date and time in the 
       DOS disk directory listing will not be altered.  The following text 
       string can be found within the viral code in all It infected 
       programs: 
 
               "(C) ITV85020203 PATH=*.COM" 
 
       It doesn't appear to do anything besides replicate. 
 
       Known variant(s) of It are: 
       It-457: Received from Mexico in September, 1992, It-457 is a 
               457 byte variant of the It virus described above.  This 
               variant is functionally very similar to the original 
               virus, the major difference being that It-457 adds 457 
               bytes to the .COM programs it infects.  The same text 
               strings are found in this variant as the original virus. 
               Origin:  Mexico  September, 1992. 
       Viva Mexico: Discovered in Morelia City, Mexico, in December 
               1992, Viva Mexico is a 449 byte variant of the It virus. 
               This variant infects one .COM file in the current directory 
               each time an infected program is executed.  Infected 
               programs will have a file length increase of 449 bytes with 
               the virus being located at the end of the file.  The 
               program's date and time in the DOS disk directory listing 
               will not appear to be altered, but the seconds field will 
               have been set to "60".  The following text is visible within 
               the viral code in all Viva Mexico infected programs: 
               "ITV85020203 1990." 
               "Viva M‚xico!" 
               "PATH=*.COM" 
               Viva Mexico activates when an infected program is executed 
               on September 16th, Mexico's Independence Day.  At that time, 
               the following message will be displayed on the system 
               monitor and the program the user was attempting to execute 
               will run: 
               "­Viva M‚xico!" 
               Origin:  Mexico  December, 1992.

Show viruses from discovered during that infect .

Main Page