Kemerovo Virus

Virus Name: Kemerovo Aliases: USSR 257, Kemerovo-B, Keme, USSR-257, Kemerovo-C, V257, Kemerov V Status: Rare Discovered: December, 1990 Symptoms: .COM growth; "????????COM Path not found." message; file date/time changes Origin: USSR Eff Length: 257 Bytes Type Code: PNCK - Parasitic Non-Resident .COM Infector Detection Method: ViruScan, F-Prot, NAV, Sweep, AVTK, IBMAV, NAVDX, VAlert, PCScan, ChAV, NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N Removal Instructions: Delete infected files General Comments: The Kemerovo virus was submitted in December, 1990 and is from the USSR. This virus is a non-resident direct action infector of .COM files, including COMMAND.COM. When a program infected with the Kemerovo virus is executed, the virus will search the current drive and directory for a .COM program to infect. If an uninfected .COM program is found, the virus will infect it, adding its viral code to the end of the original program. The newly infected program's date and time in the disk directory will also be updated to the current system date and time of infection. Infected programs will increase in length by 257 bytes. If an uninfected .COM file was not found in the current directory, the message "????????COM Path not found" may be displayed and the program the user is attempting to execute will be terminated. Kemerovo does not do anything besides replicate. Known variant(s) of Kemerovo are: Kemerovo-B: Similar to Kemerovo, this variant is from the United States and has been altered to avoid detection by some anti-viral programs. Its major distinction from the original virus is that it will infect five .COM programs in the current directory. Kemerovo-C: Very similar to Kemerovo-B, this variant only differs by a couple of bytes.