Malign Virus

Virus Name: Malign Aliases: Malign-575 V Status: Rare Discovered: February, 1993 Symptoms: .COM file growth; file date/time minutes set to 01; decrease in total system & available free memory; interfers with DOS Dir command Origin: USSR Eff Length: 575 Bytes Type Code: PRhCK - Parasitic Resident .COM Infector Detection Method: Sweep, AVTK, F-Prot, IBMAV, ViruScan, NAV, NAVDX, VAlert, ChAV, Sweep/N, NShld, AVTK/N, NAV/N, IBMAV/N, Innoc Removal Instructions: Delete infected files General Comments: The Malign, or Malign-575, virus was submitted in February, 1993, and is originally from the USSR. Malign is a memory resident infector of .COM programs, including COMMAND.COM. When the first Malign infected program is executed, the Malign virus will install itself memory resident at the top of system memory but below the 640K DOS boundary, hooking interrupts 21 and 22. Total system and available free memory, as indicated by the DOS CHKDSK program, will have decreased by 2,304 bytes. Also at this time, the Malign virus will infect the copy of COMMAND.COM located in the C: drive root directory. Once the Malign virus is memory resident, it will infect .COM programs when they are executed, opened, or a DOS Dir command is performed. Infected programs will have a file length increase of 575 bytes with the virus being located at the beginning of the file. The program's time in the DOS disk directory listing will have been altered so that the minutes field will be set to "01". The following text strings are visible within the Malign viral code in all infected programs: "Malign$?" "*.com" Malign may interfer with the display of output from the DOS Dir command, including the addition of a line for a file with the name "MalignEXE EXE". Known variant(s) of Malign are: Malign-630: A 630 byte variant of the Malign virus described above. It contains the text strings: "Malign$Wait" "*.com" Origin: USSR February, 1993.