MindRiot Virus


 Virus Name:  MindRiot 
 Aliases: 
 V Status:    Viron 
 Discovered:  December, 1992 
 Symptoms:    .EXE files overwritten; program corruption 
 Origin:      Unknown 
 Eff Length:  814 Bytes Overwriting 
 Type Code:   ONE - Overwriting Non-Resident .EXE Infector 
 Detection Method:  AVTK, IBMAV, ViruScan, F-Prot, Sweep, 
                    NAV, NAVDX, VAlert, PCScan, ChAV, 
                    LProt, NShld, Sweep/N, Innoc, AVTK/N, NAV/N, IBMAV/N, 
                    NProt 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The MindRiot virus was submitted in December, 1992.  Its origin or 
       point of isolation is unknown.  MindRiot is a non-resident, direct 
       action overwriting virus which infects .EXE programs. 
  
       When a program infected with the MindRiot virus is executed, the 
       MindRiot virus check to see if current directory is a root directory. 
       If it is, the virus will not infect anything, and the user will be 
       returned to the DOS prompt.  If the current directory is not the 
       current drive's root directory, the virus will infect one .EXE file 
       in the current directory. 
 
       Programs infected with the MindRiot virus will have the first 814 
       bytes of the host program overwritten by the MindRiot viral code. 
       The programs will not increase in size unless they were originally 
       smaller than 814 bytes, in which case they will become 814 bytes in 
       length.  The program's date and time in the DOS disk directory 
       listing will not be altered.  The following text strings are 
       encrypted within the MindRiot viral code: 
 
              "* *.EXE *.* \" 
              "????????EXE" 
              "If You Think You Saw A Part Of Your Source Code In This 
               You're Probably Right!" 
              "When Making This I Used Pieces From Other Sources... 
               heheh...What Can I Say?" 
              "I'm A Pirate At Heart!" 
              "Lithium Chloride" 
 
       Programs infected with the MindRiot virus are permanently corrupted, 
       and should be replaced with clean, uninfected copies. 
 
       Known variant(s) of MindRiot are: 
       MindRiot-B: Received in October, 1993, MindRiot-B is a 907 byte 
                 variant of the MindRiot virus described above.  It over- 
                 writes the first 907 bytes of host .EXE files.  The 
                 following text strings are encrypted within the viral code: 
                 "* *.EXE *.* \" 
                 "????????EXE" 
                 "YAM 92 -Mind Riot Strain B- LiCl" 
                 "The Mind Riot - Strain B -LiCl" 
                 "-YAM '92" 
                 "Howrya: Mr. M, Nap, N.S, S.M, Displ, Lov, Otto, A.B, K.P" 
                 "Whatsup: RABID, SKISM, SAC, CPI, Etc, Etc." 
                 "Middle Finger To: McAffee" 
                 MindRiot-B only infects files located in a subdirectory 
                 on the system hard disk.  System hangs may occur when 
                 infected programs are executed. 
                 Origin:  Unknown  October, 1993.

Show viruses from discovered during that infect .

Main Page