Kuang Virus


 Virus Name:  Kuang 
 Aliases:     Aussie Parasite.Kuang 
 V Status:    New 
 Discovered:  January, 1995 
 Symptoms:    hidden .COM files created with System, Hidden, Read-Only set; 
              decrease in available system memory (DOS 5.0) 
 Origin:      Unknown 
 Eff Length:  718 Bytes 
 Type Code:   SRhE - Spawning Resident .EXE Infector 
 Detection Method:  F-Prot, AVTK, ViruScan, Sweep, NAV, NAVDX, VAlert, 
                    IBMAV, PCScan, ChAV, 
                    AVTK/N, NShld, Sweep/N, NProt, NAV/N, IBMAV/N, Innoc 4.0+ 
 Removal Instructions:  Delete the 718 byte hidden .COM files containing 
                        the viral code 
 General Comments: 
       The Kuang or Aussie Parasite.Kuang virus was received in January, 
       1995.  Its origin or point of isolation is unknown.  Kuang is a 
       memory resident companion or spawning virus which infects .EXE 
       programs by creating corresponding .COM files containing the 
       viral code. 
 
       When the first Kuang infected program is executed, the Kuang virus 
       will install itself memory resident at the top of system memory but 
       below the 640K DOS boundary.  Total available memory, as indicated 
       by the DOS CHKDSK program from DOS 5.0, will have decreased by 
       approximately 848 bytes.  Interrupts 21 and 66 will be hooked by 
       the virus in memory. 
 
       Once the Kuang virus is memory resident, it will infect .EXE 
       programs when they are executed.  The .EXE file is not altered, 
       instead the virus will create a .COM file with the same base 
       file name.  These created .COM files will have a length of 718 
       bytes and the file date/time stamp in the DOS disk directory of 
       "02-20;6 10:02".  The .COM files will not be visible in the DOS 
       disk directory listing as the virus sets the System, Hidden, and 
       Read-Only flags.  The following text strings are visible within 
       the Kuang viral code located in the hidden .COM files: 
 
           "STACK" 
           "W.I.N.T.E.R.M.U.T.E." 
           "jANE is a bItcH" 
           "I wanna set of Mollys shades" 
           "Case lives.... Somewhere in the NET!" 
           "Kuang Virus 2.0" 
           "N.E.U.R.O.M.A.N.C.E.R." 
           "(C) 1992 Australian Parasite" 
 
       The Kuang virus can be disinfected by cold-booting the system from 
       an uninfected system disk, and deleting all of the 718 byte hidden 
       files containing the Kuang viral code.  The user must be careful 
       to not execute any .EXE program in this process which has a 
       companion hidden .COM file. 
 
       See:   Aussie Parasite

Show viruses from discovered during that infect .

Main Page