MGTU Virus
Virus Name: MGTU
Aliases:
V Status: Rare
Discovered: December, 1990
Symptoms: .COM file growth; excessive disk activity; file date/time changes; "????????COM Path not found." message
Origin: USSR
Eff Length: 273 Bytes
Type Code: PNCK - Parasitic Non-Resident .COM Infector
Detection Method: ViruScan, AVTK, F-Prot, NAV, Sweep, IBMAV, NAVDX, VAlert, PCScan, ChAV, NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N
Removal Instructions: Delete infected files
General Comments:
The MGTU virus was submitted in December, 1990 and came from the
USSR. This virus is a non-resident direct action infector of .COM
files, including COMMAND.COM.

When a program infected with the MGTU virus is executed, the virus
searches the current drive and directory for uninfected .COM
programs and infects all of them. Infected .COM programs will
increase in length by 273 bytes, with the virus located at the end of
the file. Their date and time in the disk directory will also have
been updated to the system date and time when infection occurred.

Infected systems will display excessive disk activity each time an
infected program is executed. This activity occurs because the virus
checks every .COM program in the current directory to determine
whether it is already infected or needs to be infected. Infected
systems may also display the following message, because infected
programs cannot see the command line parameters passed to them,
????????COM having replaced the original parameters:

"????????COM Path not found."

MGTU does not do anything besides replicate.
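
The symptoms above (273-byte growth and a new directory date/time on .COM files) can be checked against a known-good file listing. The following is an added example, not part of the original entry: the function name, the manifest layout (path mapped to size and date/time) and the sample file sizes and dates are all constructed for illustration.

```python
import ntpath
from collections import defaultdict
from datetime import datetime

MGTU_GROWTH = 273  # "Eff Length" from the entry above


def mgtu_suspects(baseline, current):
    """Return {directory: [(file, new_mtime), ...]} for .COM files that match
    the entry's symptoms: exactly 273 bytes larger and a newer date/time."""
    base = {p.upper(): meta for p, meta in baseline.items()}
    hits = defaultdict(list)
    for path, (size, mtime) in current.items():
        key = path.upper()
        if not key.endswith(".COM") or key not in base:
            continue  # not a .COM file, or no baseline to compare against
        old_size, old_mtime = base[key]
        if size - old_size == MGTU_GROWTH and mtime > old_mtime:
            directory, name = ntpath.split(key)
            hits[directory].append((name, mtime))
    return {d: sorted(files) for d, files in hits.items()}


# Constructed sample manifests: path -> (size in bytes, directory date/time).
T0 = datetime(1990, 11, 1, 9, 0)
T1 = datetime(1990, 12, 14, 16, 32)
BASELINE = {
    r"C:\DOS\COMMAND.COM": (25307, T0),
    r"C:\DOS\FORMAT.COM": (11616, T0),
    r"C:\DOS\MORE.COM": (313, T0),
    r"C:\UTIL\EDIT.COM": (4000, T0),
    r"C:\DOS\README.TXT": (1000, T0),
}
CURRENT = {
    r"C:\DOS\COMMAND.COM": (25307 + 273, T1),   # grew by 273, restamped
    r"C:\DOS\FORMAT.COM": (11616 + 273, T1),    # grew by 273, restamped
    r"C:\DOS\MORE.COM": (313, T0),              # unchanged
    r"C:\UTIL\EDIT.COM": (4100, T1),            # changed, but not by 273
    r"C:\DOS\README.TXT": (1273, T1),           # grew by 273 but not .COM
    r"C:\DOS\NEW.COM": (500, T1),               # no baseline entry
}

if __name__ == "__main__":
    for directory, files in mgtu_suspects(BASELINE, CURRENT).items():
        print(directory, [name for name, _ in files])
```

A match on size and date/time is a triage indicator only; confirm flagged files with one of the scanners listed under Detection Method.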