Lockup 3.0 Virus
Virus Name: Lockup 3.0
Aliases:
V Status: Rare
Discovered: May, 1993
Symptoms: .COM & .EXE growth; file date/time changes; system hangs;
decrease in total system & available free memory
Origin: Unknown
Eff Length: 2,969 - 2,983 Bytes
Type Code: PRsA - Parasitic Resident .COM & .EXE Infector
Detection Method: ViruScan, Sweep, AVTK, F-Prot, IBMAV, NAVDX, VAlert, NAV,
ChAV, NShld, Sweep/N, AVTK/N, Innoc, IBMAV/N, NAV/N
Removal Instructions: Delete infected files
General Comments:
The Lockup 3.0 virus was submitted in May, 1993. Its origin or
point of isolation is unknown. Lockup 3.0 is a memory resident
infector of .COM and .EXE programs, but not COMMAND.COM.

When the first Lockup 3.0 infected program is executed, the Lockup
3.0 virus will become memory resident as a low system memory TSR
of 3,280 bytes. Interrupt 22 will be hooked by Lockup 3.0 in
memory.

Once the Lockup 3.0 virus is memory resident, it will infect .COM
and .EXE programs, other than COMMAND.COM, when they are executed.
Infected .COM programs will have a file length increase of 2,969
bytes with the virus being located at the beginning of the file.
.EXE files will have a file length increase of 2,969 to 2,983 bytes
with the virus being located at the end of the file. In both cases,
the file's date and time in the DOS disk directory listing will have
been updated to the current system date and time when infection
occurred. The following text strings are visible within the viral
code in all Lockup 3.0 infected programs:

"No.1"
"Lock-up Ver 3.0"
"Try doing your best."
"GodbleSs"

Pressing the CTRL and Break keys with the virus memory resident may
result in a system hang.
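
The placement and text strings described above can be turned into a quick triage check. The following is an added example, not part of the original entry or of any listed scanner: the function names, the 3-of-4 marker threshold, and classifying files by the MZ signature rather than by extension are assumptions, and the file images are constructed, not real samples.

```python
# Marker strings the entry lists as visible in every infected program.
MARKERS = (b"No.1", b"Lock-up Ver 3.0", b"Try doing your best.", b"GodbleSs")
COM_GROWTH = 2969       # bytes prepended to .COM hosts, per the entry
EXE_GROWTH_MAX = 2983   # largest growth appended to .EXE hosts, per the entry
MIN_HITS = 3            # assumption: "No.1" alone is too common to flag on


def is_exe(data: bytes) -> bool:
    """Classify by content, not extension: DOS .EXE images start with MZ/ZM."""
    return data[:2] in (b"MZ", b"ZM")


def viral_region(data: bytes) -> bytes:
    """Return the span where the entry places the viral code."""
    if is_exe(data):
        return data[-EXE_GROWTH_MAX:]   # appended: tail of the file
    return data[:COM_GROWTH]            # prepended: head of the file


def triage(data: bytes) -> dict:
    """Report which markers appear in the expected region of one file image."""
    region = viral_region(data)
    hits = [m.decode() for m in MARKERS if m in region]
    return {
        "format": "EXE" if is_exe(data) else "COM",
        "hits": hits,
        "suspect": len(data) > COM_GROWTH and len(hits) >= MIN_HITS,
    }


def fake_body(size: int = COM_GROWTH) -> bytes:
    """Constructed stand-in for the viral code: filler plus the four markers."""
    return (b"\x90" * 64 + b"\x00".join(MARKERS)).ljust(size, b"\x00")


# Constructed file images (not real samples).
SAMPLES = {
    "infected.com": fake_body() + b"\xcd\x20" * 100,
    "infected.exe": b"MZ" + b"\x00" * 510 + b"\xcc" * 1000 + fake_body(),
    "clean.com": b"\xe9\x00\x00" + b"Release No.1 " * 400,
    "appended.com": b"\xcd\x20" * 3000 + fake_body(),  # markers outside head
}

if __name__ == "__main__":
    for name, image in SAMPLES.items():
        print(name, triage(image))
```

A hit is only a triage hint; confirm it with one of the scanners listed under Detection Method before deleting files.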