Mexican Mud Virus


 Virus Name:  Mexican Mud 
 Aliases:    
 V Status:    Rare 
 Discovered:  July, 1992 
 Symptoms:    .COM file growth; system hangs; file time seconds = 62 
 Origin:      Sweden 
 Eff Length:  575 Bytes 
 Type Code:   PRaCK - Parasitic Resident .COM Infector 
 Detection Method:  Sweep, ViruScan, F-Prot, IBMAV, AVTK, 
                    NAV, NAVDX, VAlert, PCScan, ChAV, 
                    NShld, Sweep/N, LProt, Innoc, NProt, AVTK/N, IBMAV/N, 
                    NAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Mexican Mud virus was submitted in July, 1992.  While from the 
       virus' name it can be assumed to be from Mexico, it is believed to 
       actually have been written in Sweden.  Mexican Mud is a memory 
       resident infector of .COM programs, including COMMAND.COM.  It is 
       based on the Vienna virus. 
 
       The first time a program infected with Mexican Mud is executed, 
       this virus will install itself memory resident in available free 
       memory, hooking interrupt 21.  Total system & available free 
       memory, as indicated by the DOS CHKDSK program, will not be 
       altered. 
 
       Once the Mexican Mud virus is memory resident, it will infect .COM 
       programs when they are executed.  If COMMAND.COM is executed, it 
       will become infected.  Programs infected with the Mexican Mud virus 
       will have a file length increase of 575 bytes with the virus being 
       located at the end of the file.  The program's date and time in 
       the DOS disk directory listing will not appear to be altered, though 
       the seconds field in the file time will have been set to 62. 
 
       Systems infected with the Mexican Mud virus may experience frequent 
       system hangs.  These hangs occur when the virus in memory is 
       inadvertantly overwritten by another program the user is attempting 
       to execute. 
 
       See:   Vienna

Show viruses from discovered during that infect .

Main Page