Oops Virus


 Virus Name:  Oops 
 Aliases:     Oops.600 
 V Status:    New 
 Discovered:  July, 1995 
 Symptoms:    .COM file growth; TSR; file date/time changes; 
              message "Bad command or file name" 
 Origin:      Unknown 
 Eff Length:  600 Bytes 
 Type Code:   PRsC - Parasitic Resident .COM Infector 
 Detection Method: F-Prot, AVTK, VAlert, Sweep, IBMAV, 
                   ViruScan, NAV, NAVDX, PCScan, ChAV, 
                   Sweep/N, IBMAV/N, NShld, NProt, LProt, AVTK/N, NAV/N, 
                   Innoc 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Oops or Oops.600 virus was received in July, 1995.  Its origin 
       or point of isolation is unknown.  Oops is a memory resident 
       infector of .COM files, but not COMMAND.COM. 
 
       When the first Oops infected program is executed, this virus will 
       install itself memory resident as a low system memory TSR of 6,032 
       bytes.  Interrupt 21 will be hooked by the virus in memory.  The 
       virus will then display the following message, returning the system 
       user to the DOS prompt: 
 
           "Bad command or file name" 
 
       Once the Oops virus is memory resident, it will infect .COM files 
       when the user attempts to execute the program, and then display the 
       message indicated above.  Once the program has become infected, a 
       later attempt to execute the program will result in it executing, 
       no message being displayed. 
 
       Programs infected with the Oops virus will have a file length 
       increase of 600 bytes with the virus being located at the end of 
       the file.  The program's date and time in the DOS disk directory 
       listing will have been updated to the current system date and 
       time when infection occurred.  The following text strings are 
       visible within the viral code: 
 
           "Bad command or file name" 
           "C:\COMMAND.COM C:\COMMAND.BAD" 
           "Oops! Sorry for BAD virus!" 
 
       Known variant(s) of Oops are: 
       Oops.1087: Also received in July, 1995, this is a 1,087 byte 
           variant of the Oops virus described above.  Its low system 
           memory TSR is 1,424 bytes, hooking interrupt 21.  It infects 
           .COM files when they are executed.  As with the original virus, 
           this variant will reinfect previously infected files.  Programs 
           infected with the Oops.1087 variant will have a file length 
           increase of 1,087 bytes for each infection present on the host 
           program.  The virus will be located at the end of the file. 
           The program's date and time in the DOS disk directory listing 
           will not be altered.  The following text strings are visible 
           within the viral code: 
           "OOPsTEMP.$$$" 
           "OOPsTEMP.$$$ OOPsTEMP$$$" 
           "O O P s" 
           A beep may be emitted from the system speaker when .COM files 
           are executed.  Once the boot copy of COMMAND.COM becomes 
           infected, the system will fail to boot from the infected 
           drive. 
           Origin:  Unknown  July, 1995.

Show viruses from discovered during that infect .

Main Page