Night Virus


 Virus Name:  Night 
 Aliases:     Night.2048 
 V Status:    New 
 Discovered:  July, 1995 
 Symptoms:    .COM & .EXE growth; file date/time seconds = "62"; 
              decrease in available free memory 
 Origin:      Unknown 
 Eff Length:  2,048 - 2,062 Bytes 
 Type Code:   PRhA - Parasitic Resident .COM & .EXE Infector 
 Detection Method: F-Prot, AVTK, VAlert, ViruScan, Sweep, IBMAV, 
                   NAV, NAVDX, ChAV, 
                   Sweep/N, NShld, IBMAV/N, AVTK/N, NAV/N, Innoc 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Night virus was received in July, 1995.  Its origin or point 
       of isolation is unknown.  Night is a memory resident infector of 
       .COM and .EXE files, but not COMMAND.COM. 
 
       When the first Night infected program is executed, this virus will 
       install itself memory resident at the top of system memory but below 
       the 640K DOS boundary, not moving interrupt 12's return.  Available 
       free memory, as indicated by the DOS CHKDSK program from DOS 5.0, 
       will have decreased by 2,576 bytes.  Interrupt 12's return will not 
       be moved.  Interrupt 21 will be hooked by the virus in memory. 
 
       Once the Night virus is memory resident, it will infect .COM and 
       .EXE files when they are executed.  Infected programs will have a 
       file length increase of 2,048 to 2,062 bytes with the virus being 
       located at the end of the file.  The program's date and time in the 
       DOS disk directory listing will not appear to be altered, though the 
       seconds field will have been set to "62", the infection marker for 
       the virus.  No text strings are visible within the viral code. 
 
       It is unknown what the Night virus may do besides replicate.

Show viruses from discovered during that infect .

Main Page