My Child Virus

Virus Name: My Child Aliases: My Child.A V Status: New Discovery: January, 1995 Symptoms: .COM & .EXE growth; file date/time seconds = "62"; decrease in available free memory (DOS 5.0) Origin: Unknown Eff Length: 1,000 Bytes Type Code: PRhAK - Parasitic Resident .COM & .EXE Infector Detection Method: F-Prot, AVTK, IBMAV, ViruScan, Sweep, NAV, NAVDX, VAlert, ChAV, AVTK/N, IBMAV/N, NShld, Sweep/N, NProt, NAV/N, Innoc Removal Instructions: Delete infected files General Comments: The My Child virus was received in January, 1995. Its origin or point of isolation is unknown. My Child is a memory resident fast infector of .COM and .EXE files, including COMMAND.COM. This virus does not infect small .COM and .EXE files. When the first My Child infected program is executed, this virus will install itself memory resident at the top of system memory but below the 640K DOS boundary, not moving interrupt 12's return. Available free memory, as indicated by the DOS CHKDSK program from DOS 5.0, will have decreased by approximately 1,136 bytes. Interrupt 21 will be hooked by the virus in memory. Once the My Child virus is memory resident, it will infect .COM and .EXE files, including COMMAND.COM, when they are executed or opened, but not when copied. Infected files will have a file length increase of 1,000 bytes with the virus being located at the end of the file. The file's date and time in the DOS disk directory listing will appear to be altered, though the seconds field will have been set to "62". The following text strings are visible within the viral code: "My Child..." "K-on-ASQR" It is unknown what the My Child virus does besides replicate. Known variant(s) of My Child are: My Child.B: Received in July, 1995, My Child.B is a minor variant of the My Child virus described above. The following text strings are visible within the viral code: "REFsoft" "KomsomSQR" Origin: Unknown July, 1995.