July 13TH Virus


 Virus Name:  July 13TH 
 Aliases: 
 V Status:    Endangered 
 Discovered:  April, 1990 
 Symptoms:    .EXE file growth; screen effects on July 13th 
 Origin:      Madrid, Spain 
 Eff Length:  1,201 Bytes 
 Type Code:   PNE - Parasitic Non-Resident .EXE Infector 
 Detection Method:  ViruScan, F-Prot, NAV, Sweep, AVTK, 
                    IBMAV, NAVDX, VAlert, PCScan, ChAV, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, 
                    IBMAV/N 
 Removal Instructions:  F-Prot, or delete infected files 
 
 General Comments: 
       The July 13TH virus was isolated in Madrid, Spain, in April 1990 by 
       Guillermo Gonzalez Garcia.  This virus is a generic .EXE file 
       infector, and is not memory resident. 
 
       When a program infected with the July 13TH virus is executed, the 
       virus will attempt to infect a .EXE file.  Files are only infected 
       if they are greater in length than 1,201 bytes.  Infected files 
       increase in size by 1,201 to 1,209 bytes. 
 
       The July 13TH virus activates on July 13TH of any year.  At that 
       time, a bouncing ball effect occurs on the system monitor's screen 
       similar to the bouncing ball effect of the Ping Pong virus.  While 
       this virus is disruptive, it does not cause any overt damage to 
       files other than infecting them.  The bouncing ball effect created 
       by this virus will occasionally leave dots on the screen where it 
       was passing if the screen has been scrolled for any reason. 
 
       Known variant(s) of July 13TH are: 
       July 13TH-B: Functionally similar to the original July 13TH 
                    virus, this variant has been altered to avoid detection 
                    by anti-viral programs which are aware of the July 13TH 
                    virus.  It infects one .EXE file in the current 
                    directory when an infected program is executed, adding 
                    1,199 to 1,213 bytes to the file.  The virus will be 
                    located at the end of the program.  The file's date 
                    and time in the DOS disk directory listing will not 
                    be altered.  The following text string is encrypted 
                    within the viral code: 
                    "*.EXE \*.V" 
                    July 13TH-B activates on July 13th of any year, at 
                    which time a bouncing ball will appear on the system 
                    display when an infected program is executed. 
                    Origin:  Unknown  March, 1993. 
       July 13TH-C: Functionally similar to the original July 13TH 
                    virus, it infects one .EXE file in the current 
                    directory when an infected program is executed, adding 
                    1,201 to 1,215 bytes to the file.  The virus will be 
                    located at the end of the program.  The file's date 
                    and time in the DOS disk directory listing will not 
                    be altered.  The following text string is encrypted 
                    within the viral code: 
                    "*.EXE \*." 
                    July 13TH-C only infects programs located in the current 
                    drive when the current drive is also a root directory. 
                    Origin:  Unknown  January, 1994.

Show viruses from discovered during that infect .

Main Page