Lozinsky Virus

Virus Name: Lozinsky Aliases: Lozinsky-1018, Lozinsky-1023B V Status: Rare Discovered: December, 1990 Symptoms: .COM file growth; file date/time changes; decrease in total system and available free memory Origin: USSR Eff Length: 1,023 Bytes Type Code: PRtCK - Parasitic Resident .COM Infector Detection Method: ViruScan, AVTK, F-Prot, NAV, Sweep, ChAV, IBMAV, NAVDX, VAlert, PCScan, NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N Removal Instructions: Delete infected programs General Comments: The Lozinsky virus was submitted in December, 1990 from the USSR. Lozinsky is a memory resident infector of .COM files, including COMMAND.COM. When the first program infected with Lozinsky is executed, the virus will install itself memory resident at the top of system memory but below the 640K DOS boundary. Interrupt 12's return will be moved so that the system will report 2,048 bytes of memory less than what is actually installed. Interrupts 13 and 21 will be hooked by the virus. COMMAND.COM will also become infected at this time. After Lozinsky is memory resident, it will infect .COM files which are executed or opened for any reason. Infected programs will show a file length increase of 1,023 bytes and have the virus located at the end of the program. Their date and time in the disk directory will also have been updated to the system date and time when the program was infected by Lozinsky. It is unknown if Lozinsky does anything besides replicate. Known variant(s) of Lozinsky are: Lozinsky-1018: Functionally similar to the original Lozinsky virus, this variant is five bytes smaller, adding 1,018 bytes to the end of files it infects. Origin: Unknown November, 1991 Lozinsky-1023B: Functionally equivalent to the original virus, this variant has two bytes within its viral code which differ. Origin: Unknown November, 1991 See: Zherkov