Air_Raid Virus
Virus Name: Air_Raid
Aliases: Air_Raid.330
V Status: New
Discovery: January, 1996
Symptoms: .COM file growth; decrease in available free memory
Origin: Unknown
Eff Length: 330 Bytes
Type Code: PRhCK - Parasitic Resident .COM Infector
Detection Method: NAV, NAVDX, ViruScan, AVTK, F-Prot, IBMAV, ChAV, PCScan,
NAV/N, AVTK/N, NShld, IBMAV/N, Innoc
Removal Instructions: Delete corresponding .COM files
General Comments:
The Air_Raid virus was received in January, 1996. Its origin or
point of isolation is unknown. Air_Raid is a memory resident
infector of .COM files, including COMMAND.COM.
When the first Air_Raid infected program is executed, the virus
installs itself memory resident at the top of system memory but
below the 640K DOS boundary, without changing the memory size
returned by interrupt 12.
Available free memory, as indicated by the DOS CHKDSK program from
DOS 5.0, will have decreased by 416 bytes. Interrupt 21 will be
hooked by the virus in memory.
Once the Air_Raid virus is memory resident, it will infect .COM
files when they are executed. Infected .COM files will have a file
length increase of 330 bytes with the virus being located at the end
of the file. The program's date and time in the DOS disk directory
listing will not be altered. The following text strings are visible
within the viral code:
"AR"
"Air Raid"
"=rat"
"ARt"
The "AR" text string can also be found starting in the fourth
byte of all infected files. The "Air Raid" text string will be
located at the very end of all infected files.
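
The two fixed marker positions described above can be checked offline against a directory of .COM files. The following triage script is an added example, not part of the original entry or of any listed scanner. The function names, the sample files and the requirement that a flagged file be longer than 330 bytes are assumptions made for illustration.

```python
import os
import tempfile

VIRUS_LEN = 330            # effective length given in the entry
HEAD_MARKER = b"AR"        # starts at the fourth byte of infected files
HEAD_OFFSET = 3
TAIL_MARKER = b"Air Raid"  # sits at the very end of infected files

def indicators(data):
    """Return which of the entry's indicators a .COM image shows."""
    return {
        "head": data[HEAD_OFFSET:HEAD_OFFSET + len(HEAD_MARKER)] == HEAD_MARKER,
        "tail": data.endswith(TAIL_MARKER),
        # Assumption: the appended 330-byte body follows a non-empty host.
        "size": len(data) > VIRUS_LEN,
    }

def is_suspect(data):
    """Flag only when every indicator matches; one marker alone is too weak."""
    return all(indicators(data).values())

def scan_tree(root):
    """Return sorted paths of .COM files under root that match all indicators."""
    suspects = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".com"):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    if is_suspect(fh.read()):
                        suspects.append(path)
    return sorted(suspects)

# Constructed, inert samples: filler bytes plus the text markers, no viral code.
SAMPLES = {
    "MARKED.COM": b"\x00\x00\x00AR" + b"\x00" * 400 + b"Air Raid",
    "HEADONLY.COM": b"\x00\x00\x00AR" + b"\x00" * 400,
    "SHORT.COM": b"\x00\x00\x00ARAir Raid",
    "CLEAN.COM": b"\x00" * 500,
}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for name, data in SAMPLES.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        for path in scan_tree(root):
            print("suspect:", os.path.basename(path))
```

A match on these text markers is an indicator for follow-up with one of the scanners listed under Detection Method, not a confirmed identification.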