Major Virus

Virus Name: Major Aliases: Major.1644 V Status: In the wild Discovered: July, 1996 Symptoms: .EXE file growth; decrease in available free memory Origin: Poland Eff Length: 1,644 - 1,660 Bytes Type Code: PRhE - Parasitic Resident .EXE Infector Detection Method: AVTK 7.61+, IBMAV, ViruScan 2.51+, PCScan 5.02+, NAV 3.09 9608+, NAVBoot 0.A 9608+, ChAV, AVTK/N 7.61+, IBMAV/N, NShld 2.32 9607+, NAV/N 2.0 9608+ Removal Instructions: Delete infected files General Comments: The Major virus was received in July, 1996, and has been reported to be "in the wild". It appears to be from Poland. This virus is a memory resident infector of .EXE files. When the first Major infected program is executed, this virus will install itself memory resident at the top of system memory but below the 640K DOS boundary, not moving interrupt 12's return. Available free memory, as indicated by the DOS CHKDSK program from DOS 5.0, will have decreased by 30,384 bytes. Interrupts 08 and 21 will be hooked by the virus in memory. Once the Major virus is memory resident, it will infect .EXE files when they are executed. Infected programs will have a file length increase of 1,644 to 1,660 bytes with the virus being located at the end of the file. The program's date and time in the DOS disk directory listing will not be altered. The following text strings are encrypted within the viral code: "The Major BBS Virus created by Major tomTugger" "\BBSV6\BBSAUDIT.DAT" "\BBSV6\BBSUSR.DAT" "Puppet" "Image" "Gnat" "Minion" "Cindy" "F'nor" It is unknown what this virus may do besides replicate, though it should be assumed that it will interfer with the functionality or corrupt the Major BBS programs.