Marked-X Virus

Virus Name: Marked-X Aliases: V Status: New Discovered: July, 1994 Symptoms: .COM & .EXE files overwritten; TSR; message; file date/time "disappears" from DOS DIR listing"; programs fail to function properly; system hangs Origin: Unknown Eff Length: 354 Bytes Overwriting Type Code: ORsAK - Overwriting Resident .COM & .EXE Infector Detection Method: F-Prot, AVTK, IBMAV, ViruScan, Sweep, NAV, NAVDX, VAlert, PCScan, AVTK/N, Sweep/N, IBMAV/N, NShld, NProt, NAV/N, LProt Removal Instructions: Delete infected files General Comments: The Marked-X virus was submitted in August, 1994. Its origin or point of isolation is unknown. Marked-X is a memory resident overwriting virus which infects .COM and .EXE programs, including COMMAND.COM. When the first Marked-X infected program is executed, this virus will install itself memory resident as a low system memory TSR, hooking interrupt 21. A system hang may occur, the user may be returned to the DOS prompt, or other unexpected results may then occur. Once the Marked-X virus is memory resident, it will infect .COM and .EXE programs when they are executed. Infected programs will have the first 354 bytes overwritten by the viral code. The file's date and time in the DOS disk directory listing will appear to have "disappeared", though it will have actually been set to a value of "0-00-80 12:00:00 am". The following text strings are visible within the viral code in all infected programs: "Marked-X" "Will we ever learn to talk with eachother?" "(c) Metal Militia/Immortal Riot" "In any country, prison is where society sends it's" "failures, but in this country society itself is faily" "Bad command or filename" The last text string may be displayed as a message when infected programs are executed. Marked-X permanently corrupts the programs it infects. All infected programs should be deleted and replaced with uninfected backup copies.