All Sys 9 Virus

Virus Name: All Sys 9 Aliases: IOU V Status: Rare Discovery: September, 1992 Symptoms: .COM & .EXE growth; TSR; "Abort, Retry, Ignore ?" error; system reboots; unexpected beeps on system speaker Origin: Unknown Eff Length: 1,838 - 2,088 Bytes Type Code: PRsAK - Parasitic Resident .COM & .EXE Infector Detection Method: ViruScan, F-Prot, IBMAV, AVTK, Sweep, NAV, NAVDX, VAlert, PCScan, ChAV, NShld, Sweep/N, NProt, AVTK/N, IBMAV/N, Innoc, NAV/N, LProt Removal Instructions: Delete infected files General Comments: The All Sys 9, or IOU, virus was submitted in September, 1992. Its origin or point of isolation is unknown. All Sys 9 is a memory resident infector of .COM and .EXE programs, including COMMAND.COM. The first time a program infected with the All Sys 9 virus is executed, this virus will install itself memory resident as a low system memory TSR of 2,576 bytes. It will have hooked interrupt 21. Once memory resident, All Sys 9 will infect .COM and .EXE programs, including COMMAND.COM, when they are executed. Infected .COM programs will have a file length increase of 1,838 to 1,863 bytes with the virus being located at the beginning of the file. Infected .EXE programs will have a file length increase of 2,080 to 2,088 bytes with the virus being located at the end of the file. .EXE programs may be reinfected by the virus, adding an additional 2,080 bytes with each reinfection. The file's date and time in the DOS disk directory listing will not be altered. The following text strings can be found within the viral code in all All Sys 9 infected programs: "All System 9 - (c) 1991, Jerry C." "Parity error at address 14344" "Abort, Retry, Ignore ?" Systems infected with All Sys 9 may experience the "Abort, Retry, Ignore ?" message being displayed, after which pressing any key on the system keyboard will result in a system reboot. Beeping will also occassionally be emitted from the system speaker.