Korean Virus
Virus Name: Korean
Aliases:
V Status: New
Discovered: July, 1995
Symptoms: COMMAND.COM & .EXE file growth; system display blanked;
    decrease in available free memory
Origin: Korea
Eff Length: 709 - 837 Bytes
Type Code: PRhEK - Parasitic Resident COMMAND.COM & .EXE Infector
Detection Method: AVTK, Sweep, NAV, NAVDX, IBMAV, ViruScan,
    F-Prot, PCScan, ChAV, AVTK/N, NAV/N, Sweep/N, IBMAV/N, NShld,
    Innoc 4.0+
Removal Instructions: Delete infected files
General Comments:
The Korean virus was received in July, 1995. It appears to be
from Korea. This virus is a memory resident infector of COMMAND.COM
and .EXE files.

When the first Korean-infected program is executed, the virus
installs itself memory resident at the top of system memory but
below the 640K DOS boundary, without changing the value returned by
interrupt 12. Available free memory, as indicated by the DOS CHKDSK
program from DOS 5.0, will have decreased by 2,032 bytes. Interrupt
21 will be hooked by the virus in memory.

Once the Korean virus is memory resident, it will infect COMMAND.COM
and .EXE files larger than approximately 25K when they are opened or
executed. Infected files will have a file length increase of 709 to
837 bytes, with the virus located at the end of the file. The
program's date and time in the DOS disk directory listing will not
be altered. The following text strings are visible within the
viral code:

"I am a Stranger in KOREA ..."
"C:\COMMAND.COM"

When the virus is memory resident, the screen may be blanked by the
virus when a program is executed.
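
The file traits given above (709 to 837 bytes appended to the end of COMMAND.COM and .EXE files, plus two visible text strings) are enough for a simple triage check. The Python script below is an added example, not part of the original entry or of any scanner it lists; the function names and sample images are constructed, and the trailing " ..." of the first string is left unmatched in case it is an elision.

```python
import ntpath

# Strings the entry lists as visible in the viral code. The trailing " ..."
# printed in the entry is left out of the pattern in case it is an elision.
MARKERS = (b"I am a Stranger in KOREA", b"C:\\COMMAND.COM")
MAX_GROWTH = 837  # largest reported growth; the virus sits at the end of the file


def is_target(name):
    """The entry says only COMMAND.COM and .EXE files are infected."""
    base = ntpath.basename(name).upper()  # handles both \ and / separators
    return base == "COMMAND.COM" or base.endswith(".EXE")


def scan_bytes(name, data):
    """Classify a file image: 'skipped', 'clean', 'suspicious' or 'likely-infected'."""
    if not is_target(name):
        return "skipped", []
    tail = data[-MAX_GROWTH:]  # appended code can only lie inside this window
    hits = [m.decode("ascii") for m in MARKERS if m in tail]
    if len(hits) == len(MARKERS):
        return "likely-infected", hits
    # One string alone is weak evidence (a path such as C:\COMMAND.COM is common).
    return ("suspicious" if hits else "clean"), hits


def scan_file(path):
    """Read a file from disk and classify it."""
    with open(path, "rb") as fh:
        return scan_bytes(path, fh.read())


def build_sample(infected):
    """Constructed test image: 'MZ' plus filler, optionally a 709-byte marker tail.
    It holds only the two text strings, no viral code."""
    host = b"MZ" + bytes(26 * 1024)
    if not infected:
        return host
    tail = MARKERS[0] + b" ..." + MARKERS[1]
    return host + tail.ljust(709, b"\x00")


if __name__ == "__main__":
    for label in ("CLEAN.EXE", "GAME.EXE"):
        image = build_sample(label == "GAME.EXE")
        print(label, len(image), scan_bytes(label, image))
```

A string match of this kind is a triage aid only; confirmation belongs to the scanners named under Detection Method.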