Kamikazi Virus

Virus Name: Kamikazi Aliases: Kamikaze V Status: Viron Discovered: August, 1990 Symptoms: Program corruption; system hangs; system reboots Origin: Bulgaria Eff Length: 4,031 Bytes Type Code: ONE - Overwriting Non-Resident .EXE Infector Detection Method: AVTK, NAV, Sweep, F-Prot, PCScan, ChAV, IBMAV, ViruScan, NAVDX, VAlert, NShld, Sweep/N, Innoc, AVTK/N, NAV/N, NProt, IBMAV/N, LProt Removal Instructions: Delete infected files General Comments: The Kamikazi virus was submitted by Vesselin Bontchev of Bulgaria in August, 1990. This virus is a non-resident overwriting virus, and infects .EXE files. When a program infected with the Kamikazi virus is executed, the virus will infect another .EXE file in the current directory if the .EXE file's length is greater than 4,031 bytes. Kamikazi simply overwrites the first 4,031 bytes of the candidate program with its viral code, thus permanently damaging the candidate program being infected. The original 4,031 bytes of code is not stored at any other location. Infected files do not change in length. After infecting another .EXE program, the virus will then change the first 8 bytes of the infected program that was executed to "kamikazi", thus the virus's name. At this point, one of several symptoms may appear: the system may be rebooted by the virus, some of the contents of memory may get displayed on the screen, or the program may complete execution having appeared to have done nothing at all. In any event, the original executed program will never run successfully, doing what the user expects. If the infected program is executed a second time, it will hang the system since it is no longer an executable program. The .EXE header has been permanently damaged due to the first 8 characters having been changed to "kamikazi" by the virus when it was first executed.