MSTU Virus


 Virus Name:  MSTU 
 Aliases:     MSTU-531 
 V Status:    Rare 
 Discovered:  November, 1991 
 Symptoms:    .COM & .EXE growth 
 Origin:      Unknown 
 Eff Length:  531 - 532 Bytes 
 Type Code:   PNAK - Parasitic Non-Resident .COM & .EXE Infector 
 Detection Method:  ViruScan, AVTK, Sweep, F-Prot, NAV, IBMAV, 
                    NAVDX, VAlert, PCScan, ChAV, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The MSTU virus was received from Europe in November, 1991.  Its 
       origin is unknown.  MSTU is a non-resident, direct action infector 
       of .COM and .EXE programs, including COMMAND.COM. 
 
       When a program infected with MSTU is executed, the virus will 
       search the current directory for uninfected .COM and .EXE files. 
       Any uninfected files which are located in the current directory 
       will be infected by the virus.  If COMMAND.COM is located in this 
       directory, it will also be infected. 
 
       .COM programs infected with the MSTU virus will have a file length 
       increase of 532 bytes.  .EXE programs infected with MSTU will have 
       a file length increase of 531 bytes.  In both cases, the virus will 
       be located at the end of the infected file.  There will be no 
       visible change in the file's date and time in a DOS disk directory 
       listing.  Text strings which can be found within MSTU infected 
       files are: 
 
               "This program was written in MSTU,1990" 
               "*.exe *.com" 
 
       It is unknown if MSTU does anything besides replicate. 
  
       Known variant(s) of MSTU are: 
       MSTU-551: Based on the MSTU virus, this variant adds 551 bytes 
                 to the .COM programs it infects, and 554 bytes to .EXE 
                 programs it infects.  It contains the same text string 
                 as the original virus.  Execution of .EXE programs 
                 infected with MSTU-551 may result in a system hang. 
                 Origin:  Unknown  January, 1992. 
       MSTU-1536: A later version of the MSTU virus, MSTU-1536 is a 
                 memory resident infector of .COM and .EXE programs, but 
                 not COMMAND.COM.  Its size in memory is 2,000 bytes, and 
                 is resident at the top of system memory but below the 
                 640K DOS boundary, hooking interrupt 21.  Once memory 
                 resident, MSTU-1536 infects .COM and .EXE programs when 
                 they are executed.  Infected programs have a file length 
                 increase of 1,536 to 1,550 bytes with the virus being 
                 located at the end of the file.  The program's date and 
                 time in the DOS disk directory listing will not be altered. 
                 The following text strings can be found within the viral 
                 code in all MSTU-1536 infected programs: 
                 "OOT" 
                 "CAN" 
                 "OKI" 
                 "RBOGEMAND" 
                 Additionally, all infected files with end with the 
                 following character sequence: "" 
                 Origin:  Unknown  May, 1993.

Show viruses from discovered during that infect .

Main Page