Lehigh Virus
Virus Name: Lehigh
Aliases: Lehigh University
V Status: Common
Discovered: November, 1987
Symptoms: Corrupts boot sector & FAT, system hang
Origin: Pennsylvania, United States
Eff Length: N/A
Type Code: ORaKT - Overwriting Resident COMMAND.COM Infector
Detection Method: ViruScan, F-Prot, AVTK, NAV, IBMAV, Sweep, NAVDX, VAlert,
    PCScan, ChAV, NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N
Removal Instructions: MDisk & replace COMMAND.COM with clean copy, or F-Prot, NAV
General Comments:
The Lehigh virus infects only the COMMAND.COM file on both floppies
and hard drives. The infection mechanism is to overwrite the
stack space. When a disk which contains an uninfected copy of
COMMAND.COM is accessed, that disk is then infected. An infection
count is kept in each copy of the virus, and after 4 infections,
the virus overwrites the boot sector and FATs.
A variation of the Lehigh virus, Lehigh-2, exists which maintains
its infection counter in RAM and corrupts the boot sector and FATs
after 10 infections.
Known variant(s) of Lehigh are:
Lehigh-2: Similar to Lehigh, but the infection counter is
    maintained in RAM, and the corruption of the boot sector
    and FATs occurs after 10 infections.
Lehigh-B: Similar to Lehigh, but the virus has been modified to
    avoid detection.
Lehigh-D: Another slight variant of Lehigh. The major difference
    is that once the system is booted from a Lehigh-infected
    COMMAND.COM, .EXE programs will typically fail to execute,
    resulting in a system hang.