Jerk Virus
Virus Name: Jerk
Aliases: Talentless Jerk, SuperHacker, 1077, Jerk-B
V Status: Rare
Discovered: March, 1991
Symptoms: .COM & .EXE growth; message; unexpected access to C: drive
Origin: Unknown
Eff Length: 1,077 Bytes
Type Code: PNAK - Parasitic Non-Resident .COM & .EXE Infector
Detection Method: AVTK, F-Prot, ViruScan, Sweep, ChAV, NAV, IBMAV,
                  NAVDX, VAlert, PCScan, NShld, LProt, Sweep/N, Innoc,
                  NProt, AVTK/N, NAV/N, IBMAV/N
Removal Instructions: Delete infected programs
General Comments:
The Jerk, Talentless Jerk, or SuperHacker virus was submitted in
March, 1991. Its origin is unknown. This virus is a non-resident
infector of .COM and .EXE programs, and it will infect COMMAND.COM.

When a program infected with the Jerk virus is executed, the virus
will search the directory structure of the C: drive to find a
program to infect. If the user executed the infected program from a
diskette, an unexpected access to the system hard disk will occur.
Once the virus has selected a .COM or .EXE program to infect, it
will alter the first nine bytes of the candidate file, and then
append the virus to the end of the newly infected program. The
following message may also be displayed on the system monitor,
though this does not always occur:

"Craig Murphy calls himself SUPERHACKER but he's just a talentless jerk!"

This message cannot be seen within infected programs as it is
encrypted within the virus.

Programs infected with the Jerk virus will have a file length
increase of 1,077 bytes. The text string "MURPHY" will also be
found starting at the fourth byte of the infected file. The other
text string which can be found in infected files is:

"COMMAND.COM *.COM *.EXE Bad command or file name"

The Jerk virus does not do anything besides replicate.

Known variant(s) of Jerk include:

Jerk-B: Functionally equivalent to Jerk, this variant differs
by three bytes.
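
Added example (not part of the original entry, and not the code of any scanner listed under Detection Method): a Python triage check that grades .COM and .EXE files against the indicators described above, namely "MURPHY" at the fourth byte and the plaintext strings inside the appended 1,077 bytes. All function names are hypothetical; the entry does not give the bytes separating the plaintext strings, so the check assumes only that they appear in the listed order, and the sample image is constructed filler with no virus code.

```python
from pathlib import Path

VIRUS_LEN = 1077          # growth of an infected file, per the entry
MARKER = b"MURPHY"        # begins at the fourth byte (zero-based offset 3)
MARKER_OFFSET = 3
# Separators between these strings are not given in the entry (assumption:
# unknown bytes), so they are matched in order rather than as one literal.
TOKENS = (b"COMMAND.COM", b"*.COM", b"*.EXE", b"Bad command or file name")


def tokens_in_order(buf: bytes, tokens=TOKENS) -> bool:
    """True if every token occurs in buf, each after the previous one."""
    pos = 0
    for tok in tokens:
        pos = buf.find(tok, pos)
        if pos < 0:
            return False
        pos += len(tok)
    return True


def classify(data: bytes) -> str:
    """Grade a file image against the indicators: 'suspect', 'partial', 'clean'."""
    if len(data) <= VIRUS_LEN:          # too small to hold a host plus the virus
        return "clean"
    marker = data[MARKER_OFFSET:MARKER_OFFSET + len(MARKER)] == MARKER
    strings = tokens_in_order(data[-VIRUS_LEN:])   # the virus body is appended
    if marker and strings:
        return "suspect"
    return "partial" if marker or strings else "clean"


def scan(root: str) -> dict:
    """Classify every .COM and .EXE file under root; returns {path: verdict}."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.upper() in (".COM", ".EXE"):
            verdict = classify(path.read_bytes())
            if verdict != "clean":
                hits[str(path)] = verdict
    return hits


def constructed_sample() -> bytes:
    """Constructed test image: filler bytes plus the indicators, no virus code."""
    head = b"\x90\x90\x90" + MARKER + b"\x00" * 91        # 100-byte stand-in host
    body = b"\x00".join(TOKENS).ljust(VIRUS_LEN, b"\x00")
    return head + body
```

A "partial" verdict means only one of the two indicators matched and the file needs manual review; the displayed message is not searched for because the entry states it is encrypted inside the virus.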