Olya Virus


 Virus Name:  Olya 
 Aliases:     Olya.398 
 V Status:    New 
 Discovered:  January, 1996 
 Symptoms:    .EXE files altered 
 Origin:      Unknown 
 Eff Length:  398 Bytes Overwriting 
 Type Code:   ORE - Overwriting Resident .EXE Infector 
 Detection Method:  ViruScan, NAV, NAVDX, AVTK, F-Prot, ChAV, 
                    NShld, NAV/N, AVTK/N, Innoc 
 Removal Instructions:  F-Prot 2.21 or Delete infected files 
 
 General Comments: 
       The Olya virus was received in January, 1996.  Its origin or point 
       of isolation is unknown.  Olya is a memory resident stealth infector 
       of .EXE files.  It quickly spreads on infected systems. 
 
       When the first Olya infected program is executed, this virus will 
       install itself memory resident.  Total system and available free 
       memory, as indicated by the DOS CHKDSK program, will not be altered, 
       and no interrupts will appear to be hooked by the virus in memory. 
 
       Once the Olya virus is memory resident, it will infect .EXE files 
       when they are executed, opened, or copied.  Infected files will not 
       have a file length increase regardless of whether the virus is 
       memory resident as the virus infects the .EXE file header.  The 
       file's date and time in the DOS disk directory listing will not 
       be altered.  The following text strings are visible within the 
       viral code: 
 
           "Olya KibinaS‚" 
           "P‹G" 
 
       These text strings cannot be viewed when the virus is memory resident 
       as the virus will present an uninfected copy of the file when it is 
       read into memory.

Show viruses from discovered during that infect .

Main Page