Oi Dudley Virus

Virus Name: Oi Dudley Aliases: Dudley V Status: Common Discovered: February, 1993 Symptoms: .COM & .EXE growth; decrease in total system & available free memory; system hangs Origin: Australia Eff Length: 1,218 - 1,245 Bytes Type Code: PRhAK - Parasitic Resident .COM & .EXE Infector Detection Method: AVTK, F-Prot, IBMAV, Sweep, NAV, PCScan, ViruScan, NAVDX, VAlert, ChAV, NShld, AVTK/N, Sweep/N, NAV/N, IBMAV/N, Innoc, LProt Removal Instructions: Delete infected files General Comments: The Oi Dudley, or Dudley, virus was discovered in Australia in February, 1993. Oi Dudley is a memory resident infector of .COM and .EXE programs, including COMMAND.COM. It is a polymorphic virus, employing an encryption mechanism based on the encryption used in the V2P6 virus, thus requiring an algorithmic approach to detection. It is also a fast infector, spreading when programs are opened for any reason. It has been reported by several sources as being prominent in Australia. When the first Oi Dudley infected program is executed, the Oi Dudley virus will install itself memory resident at the top of system memory but below the 640K DOS boundary, hooking interrupt 21. Total system and available free memory, as indicated by the DOS CHKDSK program, will have decreased by 4,608 bytes. Interrupt 12's return will not have been moved. Once the Oi Dudley virus is memory resident, it will infect .COM and .EXE programs, including COMMAND.COM, when they are executed or opened for any reason. Infected programs will have a file length increase of 1,218 to 1,245 bytes with the virus being located at the end of the file. The program's date and time in the DOS disk directory listing will not be altered. The following text string, indicating the virus' name, is encrypted within the viral code: "[Oi Dudley!][PuKE]" Systems infected with the Oi Dudley virus may experience system hangs when programs are executed from subdirectories.