Albania Virus


 Virus Name:  Albania 
 Aliases:     Albania-429, Albania-506, Albania-575, Albania-606 
 V Status:    Rare 
 Discovery:   January, 1992 
 Symptoms:    .COM file growth; file date/time change; program execution 
              failure; system hangs 
 Origin:      Bulgaria 
 Eff Length:  429 - 606 Bytes, depending on variant present 
 Type Code:   PNCK - Parasitic Non-Resident .COM Infector 
 Detection Method:  Sweep, F-Prot, ViruScan, AVTK, 
                    NAV, IBMAV, NAVDX, VAlert, PCScan, ChAV, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       Albania is actually a family of four viruses which were received 
       in January, 1992.  They are from Bulgaria.  All of these viruses 
       are non-resident, direct action infectors of .COM programs, 
       including COMMAND.COM.  Their general behavior is described below, 
       with specific infection information listed under known variants. 
 
       When a program infected with one of the Albania viruses is executed, 
       the Albania virus will infect one .COM program located in the 
       current directory.  If COMMAND.COM is located in this directory, 
       it may become infected.  The file length increase for Albania 
       infected programs depends on the Albania virus present, but the 
       viral code will always be located at the end of the infected 
       program.  The infected file's date and time in the DOS disk 
       directory listing will have been updated to the current system 
       date and time when infection occurred. 
 
       The following text strings can be found in all infected programs, 
       regardless of the variant present: 
 
               "PATH=" 
               "*.COM" 
 
       It is unknown if Albania does anything besides replicate. 
 
       Known variant(s) of Albania are: 
       Albania-429: The smallest of the Albania viruses, this virus 
                    adds 429 bytes to the .COM programs it infects. 
                    Infected programs will contain the text string 
                    "ALBANIA" in addition to the text strings found above. 
       Albania-506: Albania-506 adds 506 bytes to the .COM programs 
                    it infects.  Like Albania-429, the text string 
                    "ALBANIA" can be found in all infected programs in 
                    addition to the text strings indicated above. 
       Albania-575: Albania-575 adds 575 bytes to the .COM programs 
                    it infects.  In addition to the text strings indicated 
                    above for all members of this family, the text string 
                    "albania" will also be found.  Systems infected with 
                    the Albania-575 virus may notice that some .COM 
                    programs will fail to execute properly, or that 
                    random characters from system memory may be displayed. 
                    System hangs may also occur. 
       Albania-606: Albania-606 adds 606 bytes to the .COM programs 
                    it infects.  Unlike other members of this family, it 
                    does not always infect a .COM program each time an 
                    infected program is executed.  It contains the text 
                    string "albania" in addition to the text strings 
                    indicated above.

Show viruses from discovered during that infect .

Main Page