Maltese Amoeba Virus

Virus Name: Maltese Amoeba Aliases: Irish, Maltese V Status: Common Discovered: September, 1991 Symptoms: .COM & .EXE growth; decrease in total system and available memory; hard disk & diskette corruption; flashing display; message displayed & boot failure Origin: Malta Isolated: Ireland Eff Length: 2,504 - 2,564 Bytes Type Code: PRtA - Parasitic Resident .COM & .EXE Infector Detection Method: AVTK, NAV, IBMAV, Sweep, F-Prot, NAVDX, VAlert, PCScan, ViruScan, ChAV, NShld, Sweep/N, Innoc, AVTK/N, NAV/N, IBMAV/N, LProt Removal Instructions: Delete infected files General Comments: The Maltese Amoeba virus was discovered in Ireland in September, 1991. Its origin, however, is Malta. At the time of its discovery, it was thought to be wide-spread within Ireland. The Maltese Amoeba is a memory resident infector of .COM and .EXE files. It does not infect COMMAND.COM. The first time a program infected with Maltese Amoeba is executed, Maltese Amoeba will become memory resident at the top of system memory but below the 640K DOS boundary. Total system and available free memory will decrease by 4,096 bytes, and interrupt 12's return will have been moved. Maltese Amoeba will hook interrupt 21. Once memory resident, Maltese Amoeba will infect .COM and .EXE programs when they are opened or executed. Infected programs will increase in size by 2,504 to 2,564 bytes, the virus will be located at the end of the infected file. There will be no change in the file's date and time in the DOS disk directory. The Maltese Amoeba is a destructive virus which activates on ATs on March 15 and November 1. On these dates, it will overwrite the first four sectors of cylinders 0 through 29 of the system hard drive and any diskette drives. Once the virus has completed over- writing the beginning of the first 30 cylinders of each drive, it will proceed to a bright, flashing screen display, leaving the system in a loop. When the system is rebooted, the following poem will be displayed, followed by a system hang: "To see a world in a grain of sand, And a heaven in a flower Hold infinity in the palm of your hand And eternity in an hour. THE VIRUS 16/3/91". This virus is encrypted, so the above text cannot be seen in infected files. Other text which is also encrypted within the virus is: "AMOEBA virus by the Hacker Twins (C) 1991 This is nothing, wait for the release of AMOEBA II - The universal infector,hidden to any eye by ours! Dedicated to the University of Malta-the worst educational system in the universe,and the destroyer of 5X2 years of human life". This text will appear within the boot sector of the system hard disk once the virus has activated. Known variant(s) of Maltese Amoeba are: Maltese Amoeba-B: A minor variant of the Maltese Amoeba virus described above, this variant adds 2,504 to 2,571 bytes to the .COM and .EXE programs it infects, with the virus being located at the end of the file. The following text is encrypted within the virus, as well as the poem indicated above: "AMOEBA virus by the Hacker Twins (C) 1991 This is nothing, wait for the release of AMOEBA II The universal infector, hidden to any eye by ours! Dedicated to the University of Malta- the worst educational system in the universe, and the destroyer of 5X2 years of human life." "COMEXE" Origin: Malta January, 1993.