Ivy Virus


 Virus Name:  Ivy 
 Aliases:     Ivy.454 
 V Status:    New 
 Discovered:  January, 1996 
 Symptoms:    .COM file growth; file date/time seconds = "62" 
 Origin:      Unknown 
 Eff Length:  454 Bytes 
 Type Code:   PNCK - Parasitic Non-Resident .COM Infector 
 Detection Method:  IBMAV, ViruScan, NAV, NAVDX, AVTK, F-Prot, ChAV, 
                    IBMAV/N, NShld, NAV/N, AVTK/N, Innoc 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Ivy or Ivy.454 virus was received in January, 1996.  Its origin 
       or point of isolation is unknown.  Ivy is a non-resident, direct 
       action infector of .COM files, including COMMAND.COM. 
 
       When a program infected with the Ivy virus is executed, this virus 
       will infect one .COM file located in the current directory.  Infected 
       files will have a file length increase of 454 bytes with the virus 
       being located at the end of the file.  The program's date and time 
       in the DOS disk directory listing will not appear to be altered, 
       though the seconds field will have been set to "62".  The following 
       text strings are visible within the viral code: 
 
           "????????COM" 
           "*.COM" 
           "PATH=" 
 
       Known variant(s) of Ivy are: 
       Ivy.568: Also received in January, 1996, this is a 568 byte 
           variant of the Ivy virus described above.  It also infects one 
           .COM file in the current directory when an infected program is 
           issued, though this variant will also occassionally corrupt a 
           file instead of infecting it.  Programs infected with this 
           variant will have a file length increase of 568 bytes with the 
           virus being located at the end of the file.  Programs corrupted 
           by this variant will have the beginning of the host program 
           overwritten by some code, the file's length will not be altered. 
           In both cases, the file's date and time in the DOS disk 
           directory listing will not appear to be altered, though the 
           seconds field will have been set to "62".  The following text 
           strings are visible within the viral code: 
           "-=[ Poison Ivy ]=-" 
           "Slowly strangle your system." 
           "Poison you programs." 
           "????????COM" 
           "*.COM" 
           "PATH=" 
           System hangs frequently occur when infected programs are 
           executed.  The first three text strings indicated above are 
           displayed on the system monitor as a message when an Ivy.568 
           corrupted program is executed. 
           Origin:  Unknown  January, 1996.

Show viruses from discovered during that infect .

Main Page