Max.347 Virus

Virus Name: Max.347 Aliases: V Status: Rare Discovered: April, 1994 Symptoms: .COM file growth; Master Boot Record Altered; decrease in total system & available free memory Origin: Unknown Eff Length: 347 Bytes Type Code: PRtXCK - Parasitic Resident .COM & Master Boot Sector Infector Detection Method: ViruScan, F-Prot, AVTK, Sweep, IBMAV, NAV, NAVDX, VAlert, PCScan, ChAV, NShld, Sweep/N, AVTK/N, IBMAV/N, NAV/N, Innoc 4.0+ Removal Instructions: Delete infected files & F-Disk /MBR on DOS 5.0+ General Comments: The Max.347 virus was submitted in April, 1994. Its origin or point of isolation is unknown. Max.347 is a memory resident, multi-partite virus which infects the system hard disk master boot sector (partition table sector) and .COM files, including COMMAND.COM. When the first Max.347 infected program is executed, this virus will infect the system hard disk master boot sector, moving the original master boot sector to Side 0, Cylinder 0, Sector 2. The virus does not become memory resident at this time. Memory residence only occurs when the system is booted from the infected hard disk. Max.347 becomes memory resident at the top of system memory, but below the 640K DOS boundary, moving interrupt 12's return. Total system and available free memory, as indicated by the DOS CHKDSK program, will have decreased by 1,024 bytes. Interrupt 21 will be hooked by the virus in memory. Once Max.347 is memory resident, it will infect .COM programs when they are executed. Infected programs will have a file length increase of 347 bytes with the virus being located at the end of the file. The program's date and time in the DOS disk directory listing will not be altered. The following text string is visible within the viral code: "[Max]"