Jerusalem 1663 Virus


 Virus Name:  Jerusalem 1663 
 Aliases:    
 V Status:    Rare 
 Discovered:  October, 1992 
 Symptoms:    .COM & .EXE growth; TSR 
 Origin:      Unknown 
 Eff Length:  1,663 Bytes 
 Type Code:   PRsAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  ViruScan, AVTK, Sweep, F-Prot, IBMAV, NAV, 
                    NAVDX, VAlert, PCScan, ChAV, 
                    NShld, Sweep/N, Innoc, NProt, AVTK/N, LProt, IBMAV/N, 
                    NAV/N 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Jerusalem 1663 virus was received in October, 1992.  Its origin 
       or point of isolation is unknown.  Jerusalem 1663 is a memory 
       resident infector of .COM and .EXE programs, including COMMAND.COM. 
 
       The first time a program infected with the Jerusalem 1663 virus is 
       executed, the Jersalem 1663 virus will install itself memory resident 
       as a low system memory TSR of 2,432 bytes.  Interrupts 13 and 21 will 
       be hooked. 
 
       Once memory resident, Jersalem 1663 will infect programs, including 
       COMMAND.COM, when they are executed.  Both .COM and .EXE programs 
       will increase in size by 1,663 bytes with the virus being located 
       at the end of the file.  The virus cannot recognize a previous 
       infection on a file.  Both .COM and .EXE programs may become 
       reinfected, adding 1,663 bytes with each reinfection.  The file's 
       date and time in the DOS disk directory listing will not be 
       altered.  No text strings are visible within the viral code. 
 
       It is unknown what Jerusalem 1663 does besides replicate. 
 
       See:   Jerusalem

Show viruses from discovered during that infect .

Main Page