OMT Virus

Virus Name: OMT Aliases: 413, One More Thing V Status: Rare Discovered: May, 1992 Symptoms: .COM file growth; long disk accesses; system hangs; hard disk overwritten after 1992 Origin: Australia Eff Length: 413 Bytes Type Code: PNCK - Parasitic Non-Resident .COM Infector Detection Method: ViruScan, Sweep, AVTK, F-Prot, IBMAV, PCScan, NAV, NAVDX, VAlert, ChAV, NShld, Sweep/N, AVTK/N, NProt, IBMAV/N, Innoc, NAV/N Removal Instructions: Delete infected files General Comments: The OMT, One More Thing or 417, virus was discovered in Australia in May, 1992 by Peter Ferrie. The OMT virus is a non-resident, direct action infector of .COM programs, including COMMAND.COM. It is destructive when it activates after in years after 1992. When a program infected with the OMT virus is executed, the OMT virus will infect all of the .COM programs located in the current directory. Once it has completed infecting all of the .COM programs, a system hang usually occurs. The virus contains code to infect the C: drive root directory, however it appears this code isn't functional. Programs infected with the OMT virus will have a file length increase of 413 bytes with the virus being located at the end of the infected file. The program's date and time in the DOS disk directory listing will not be altered. OMT is an encrypted virus, so no text strings are visible within the viral code in infected files. The following text strings are included in the virus: "c:\*.com" "And one more thing... fuck you!" The OMT virus activates when the year of the system date is after 1992. At that time, the virus will overwrite the system hard disk starting at side 0, cylinder 0, sector 1, when an infected program is executed.