Lapidario Virus

Virus Name: Lapidario Aliases: Lapidario.768 V Status: New Discovered: January, 1996 Symptoms: .COM file growth Origin: Argentina Eff Length: 768 Bytes Type Code: PNC - Parasitic Non-Resident .COM Infector Detection Method: IBMAV, PCScan, NAV, NAVDX, AVTK, ViruScan, F-Prot, ChAV, IBMAV/N, NAV/N, AVTK/N, NShld, Innoc 4.0+ Removal Instructions: Delete infected files General Comments: The Lapidario or Lapidario.768 virus was received in January, 1996. It appears to be from Argentina. Lapidario is a non-resident, direct action infector of .COM files, but not COMMAND.COM. When a program infected with the Lapidario virus is executed, this virus will infect one .COM file located in the first subdirectory from the root directory of the current drive. Infected .COM files will have a file length increase of 768 bytes with the virus being located at the end of the file. The program's date and time in the DOS disk directory listing will not be altered. The following text strings are encrypted within the viral code: "*.com *.*" "chklist.ms" " COMMAND.COM Lapidario - V1.0 - Argentina 1993 -" It is unknown what the Lapidario virus may do besides replicate. Known variant(s) of Lapidario are: Lapidario.787: Also received in January, 1996, this is a 787 byte variant of the Lapidario virus described above. It infects one .COM file in the current directory when an infected program is executed, but not COMMAND.COM. Infected .COM files will have a file length increase of 787 bytes with the virus being located at the end of the file. The program's date and time in the DOS disk directory listing will not be altered. The following text strings are encrypted within the viral code: "\ *.com *.*" "chklist.ms V" "COMMAND.COM Lapidario - Argentina 1993 -" Origin: Argentina January, 1996.