MDS Virus


 Virus Name:  MDS 
 Aliases:     MDS.331 
 V Status:    New 
 Discovered:  January, 1996 
 Symptoms:    .COM file growth; file date/time changes; 
              decrease in available free memory 
 Origin:      Unknown 
 Eff Length:  331 Bytes 
 Type Code:   PRhCK - Parasitic Resident .COM Infector 
 Detection Method: ChAV, F-Prot, AVTK, IBMAV, NAV, NAVDX, ViruScan 2.54+, 
                   Innoc, AVTK/N, IBMAV/N, NAV/N, NShld 2.33+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The MDS or MDS.331 virus was received in January, 1996.  Its origin 
       or point of isolation is unknown.  MDS is a memory resident infector 
       of .COM files, including COMMAND.COM. 
 
       When a program infected with the MDS virus is executed, this virus 
       will install itself memory resident at the top of system memory but 
       below the 640K DOS boundary, not moving interrupt 12's return. 
       Available free memory, as indicated by the DOS CHKDSK program from 
       DOS 5.0, will have decreased by 2,048 bytes.  Interrupt 21 will be 
       hooked by the virus in memory. 
 
       Once the MDS virus is memory resident, it will infect .COM files, 
       including COMMAND.COM, when they are executed.  Infected .COM files 
       will have a file length increase of 331 bytes with the virus 
       being located at the end of the file.  The program's date and time 
       in the DOS disk directory listing will have been updated to the 
       current system date and time when infection occurred.  The following 
       text string can be found within the viral code in all infected 
       files: 
 
           "MDS93"

Show viruses from discovered during that infect .

Main Page