Magdzie Virus
Virus Name: Magdzie
Aliases: Magdzie.1056
V Status: New
Discovered: July, 1995
Symptoms: .EXE file growth; file date/time changes; decrease in available free memory
Origin: Unknown
Eff Length: 1,056 - 1,072 Bytes
Type Code: PRhE - Parasitic Resident .EXE Infector
Detection Method: F-Prot, AVTK, VAlert, Sweep, NAV, NAVDX, IBMAV, ViruScan, ChAV, Sweep/N, NAV/N, IBMAV/N, NShld, AVTK/N, NProt, Innoc 4.0+
Removal Instructions: Delete infected files
General Comments:
The Magdzie or Magdzie.1056 virus was received in July, 1995. Its
origin or point of isolation is unknown. Magdzie is a memory-resident
stealth virus that infects .EXE files.

When the first Magdzie-infected program is executed, the virus
installs itself memory resident at the top of system memory but
below the 640K DOS boundary, without changing the value returned by
interrupt 12. Total available free memory, as indicated by the DOS
CHKDSK program from DOS 5.0, will have decreased by 1,104 bytes. No
interrupts will be mapped to the virus in memory.

Once the Magdzie virus is memory resident, it will infect .EXE
files when they are executed or opened. Infected files will have a
file length increase of 1,056 to 1,072 bytes, with the virus
located at the end of the file. The program's date and time in
the DOS disk directory listing will have been updated to the system
date and time at which the infection occurred. The following text
strings are visible within the viral code in all infected programs:
"chklist?.*"
"Magdzie T. - jutro Twoje urodziny!"
"chklist?.*"

While the virus is memory resident, it disinfects infected programs
as they are read into memory. As a result, anti-viral programs may
"see" the disinfected copy of the program if the virus is memory
resident.
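
The indicators above can be checked with a short script. The following is an added example, not part of the original entry or of any listed product: it searches the last 1,072 bytes of a DOS .EXE for the listed text strings. The function names, the constructed sample files and the choice to flag only on the birthday text are assumptions of the example. Because reads are disinfected while the virus is resident, the bytes must be obtained when the virus is not in memory.

```python
"""Added example: check DOS .EXE bytes for the text strings listed in this entry."""

# Strings the entry says are visible in the viral code of infected programs.
BIRTHDAY_TEXT = b"Magdzie T. - jutro Twoje urodziny!"
CHKLIST_MASK = b"chklist?.*"
MAX_GROWTH = 1072  # largest file-length increase given in the entry


def check_exe(data: bytes) -> dict:
    """Report which of the entry's strings appear in the tail of a DOS .EXE."""
    report = {"is_exe": data[:2] in (b"MZ", b"ZM"), "found": {}, "suspect": False}
    if not report["is_exe"]:
        return report  # the entry describes an .EXE infector only
    # The entry places the virus at the end of the file, so only the last
    # MAX_GROWTH bytes need to be searched.
    start = max(0, len(data) - MAX_GROWTH)
    tail = data[start:]
    for marker in (BIRTHDAY_TEXT, CHKLIST_MASK):
        pos = tail.find(marker)
        if pos != -1:
            report["found"][marker.decode("ascii")] = start + pos  # file offset
    # Assumption of this example: the birthday text is the distinctive
    # indicator; the file mask alone is not treated as a match.
    report["suspect"] = BIRTHDAY_TEXT.decode("ascii") in report["found"]
    return report


def constructed_sample(with_markers: bool) -> bytes:
    """Build a harmless test file: 'MZ' header, filler, optional marker block."""
    host = b"MZ" + bytes(510) + b"\x90" * 2048  # constructed host, not real code
    if not with_markers:
        return host
    block = CHKLIST_MASK + b"\x00" + BIRTHDAY_TEXT + b"\x00" + CHKLIST_MASK
    return host + block.ljust(1056, b"\x00")  # 1,056-byte appended block


if __name__ == "__main__":
    for label, flag in (("clean", False), ("marked", True)):
        print(label, check_exe(constructed_sample(flag)))
```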