JD Virus


 Virus Name:  JD 
 Aliases:     JD-158, JD-276, JD-356, JD-392 
 V Status:    Rare 
 Discovered:  January, 1992 
 Symptoms:    .COM file growth; file date/time changes 
 Origin:      Unknown 
 Eff Length:  158 - 392 Bytes (depending on variant) 
 Type Code:   PRaCK - Parasitic Resident .COM Infector 
 Detection Method:  Sweep, F-Prot, ViruScan, AVTK, ChAV, 
                    IBMAV, NAV, NAVDX, VAlert, PCScan, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The JD virus family was received in January, 1992.  Its origin 
       is unknown.  This family is a group of four closely related 
       viruses, the larger of which hide the file length increase 
       on infected files without causing file allocation errors. 
       The entry below describes this family in general, with 
       virus-specific information given under the variants below. 
 
       When a program infected with a JD family virus is executed, the 
       virus will become memory resident in a "hole" in allocated system 
       memory.  As such, there will be no change to total system or 
       available free memory.  Interrupt 21 will be hooked in memory, 
       as well as possibly interrupts 13 or 1E, depending on the variant 
       present. 
 
       Once a JD family virus is memory resident, it will infect .COM 
       programs when they are executed.  If COMMAND.COM is executed, it 
       will also become infected.  The virus will be located at the 
       end of the infected file which will have a file length increase 
       of 158 to 392 bytes. 
 
       The JD family of viruses does not do anything besides replicate. 
 
       Known member(s) of the JD family of viruses are: 
       JD-158: The smallest member of the JD family, this virus adds 
               158 bytes to the .COM files it infects.  The program's 
               date and time in the DOS disk directory listing will have 
               been updated.  It hooks interrupt 13 in addition to 
               interrupt 21 in memory. 
       JD-276: This member of the JD family adds 276 bytes to the .COM 
               programs it infects.  There will be no change to the file's 
               date and time in the DOS disk directory listing.  This 
               virus only hooks interrupt 21 in memory. 
       JD-356: JD-356 adds 356 bytes to the .COM files it infects; 
               however, the file length increase will not be visible if the 
               virus is memory resident.  It hooks interrupt 1E in addition 
               to interrupt 21.  There will be no change to the file's 
               date and time in the DOS disk directory listing. 
       JD-392: Similar in behavior to JD-356, this virus adds 392 
               bytes to the .COM programs it infects. 
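
As an added example (not part of the original entry), the following Python code compares a known-good listing of .COM files against a later one and flags growth and date/time behaviour matching the variants above. The file names, sizes, timestamps and the `classify` helper are constructed for illustration; JD-392's date/time behaviour is assumed to match JD-356, since the entry only calls it similar.

```python
from dataclasses import dataclass

# Variant -> (bytes added, directory date/time updated), from the list above.
# JD-392's date/time behaviour is an assumption (treated like JD-356).
JD_VARIANTS = {
    "JD-158": (158, True),
    "JD-276": (276, False),
    "JD-356": (356, False),
    "JD-392": (392, False),
}

@dataclass(frozen=True)
class Entry:
    size: int   # file length in bytes
    mtime: int  # directory date/time as an integer timestamp

def classify(baseline, current, resident_possible):
    """Compare two {name: Entry} listings; return {name: finding} for .COM files."""
    findings = {}
    for name, now in current.items():
        if not name.upper().endswith(".COM") or name not in baseline:
            continue
        then = baseline[name]
        growth = now.size - then.size
        stamp_changed = now.mtime != then.mtime
        matches = [v for v, (added, touches) in JD_VARIANTS.items()
                   if growth == added and stamp_changed == touches]
        if matches:
            findings[name] = "consistent with " + matches[0]
        elif growth > 0:
            findings[name] = f"grew {growth} bytes, no JD variant matches"
        elif growth == 0 and resident_possible:
            # JD-356 and JD-392 hide the length increase while memory resident,
            # so an unchanged size proves nothing on a possibly infected system.
            findings[name] = "inconclusive: size may be hidden while virus is resident"
    return findings

# Constructed sample listings (not real measurements).
BASELINE = {"COMMAND.COM": Entry(47845, 100), "EDIT.COM": Entry(413, 100),
            "MORE.COM": Entry(2618, 100), "README.TXT": Entry(900, 100)}
CURRENT = {"COMMAND.COM": Entry(47845 + 356, 100), "EDIT.COM": Entry(413 + 158, 200),
           "MORE.COM": Entry(2618, 100), "README.TXT": Entry(1200, 300)}

if __name__ == "__main__":
    for name, finding in classify(BASELINE, CURRENT, resident_possible=False).items():
        print(name, "->", finding)
```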
