Magnitogorsk 2048 Virus

Virus Name: Magnitogorsk 2048 Aliases: V Status: Rare Discovered: May, 1991 Symptoms: .COM & .EXE growth; decrease in total system and available memory Origin: USSR Eff Length: 2,048 Bytes Type Code: PRhAK - Parasitic Resident .COM & .EXE Infector Detection Method: ViruScan, F-Prot, Sweep, AVTK, NAV, IBMAV, NAVDX, VAlert, PCScan, ChAV, NShld, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N Removal Instructions: Delete infected files General Comments: The Magnitogorsk 2048 virus was submitted from Europe in May, 1991. It is originally from the USSR. Magnitogorsk 2048 is a later version of the 2560 virus, and some anti-viral utilities will detect it as 2560. The first time a program infected with Magnitogorsk 2048 is executed, the virus will install itself memory resident at the top of system memory but below the 640K DOS boundary. Total system and available free memory, as measured by the DOS CHKDSK program, will decrease by 4,160 bytes. Interrupts 08, 13, 21, and 22 will be hooked by the virus. After Magnitogorsk 2048 is memory resident, it will infect .COM and .EXE programs larger than approximately 2K when they are opened or executed. Infected programs will increase in size by 2,048 bytes with the virus being located at the end of the infected program. The program's date and time in the disk directory will not be altered. Magnitogorsk 2048 will also infect COMMAND.COM when it is opened or executed. In the case of COMMAND.COM, the infected program will not have any file length increase as the virus will overwrite a portion of COMMAND.COM's stack space. Magnitogorsk 2048 is a stealth virus, as is 2560. While these viruses do not hide their file length increase, they do actively use techniques to avoid detection by anti-viral utilities not aware of them. It is unknown if Magnitogorsk 2048 does anything besides replicate. See: 2560