Opal Virus

Virus Name: Opal Aliases: Opal.390 V Status: New Discovered: January, 1996 Symptoms: .COM file growth; file date/time seconds = "62" Origin: Unknown Eff Length: 390 Bytes Type Code: PNCK - Parasitic Non-Resident .COM Infector Detection Method: IBMAV, PCScan, NAV, NAVDX, AVTK, F-Prot, PCScan, ViruScan, ChAV, IBMAV/N, LProt, NAV/N, AVTK/N, NShld, Innoc 4.0+ Removal Instructions: Delete infected files General Comments: The Opal or Opal.390 virus was received in January, 1996. Its origin or point of isolation is unknown. Opal is a non-resident direct action infector of .COM files, including COMMAND.COM. When a program infected with the Opal virus is executed, this virus will infect one .COM file located in the C: drive root directory. Programs infected with the Opal virus will have a file length increase of 390 bytes with the virus being located at the end of the file. The program's date and time in the DOS disk directory listing will not appear to be altered, though the seconds field will have been set to "62". The following text string is encrypted within the viral code: "*.COM OpalSoftCHKLIST?.* .." Known variant(s) of Opal are: Opal.682: Also received in January, 1996, this is a 683 byte variant of the Opal virus described above. It infects all of the .COM files in the current directory when an infected program is executed. Infected .COM files will have a file length increase of 683 bytes with the virus being located at the end of the file. The program's date and time in the DOS disk directory listing will not be altered. The following text string is visible within the viral code in all infected programs: "*.COM OpalSoft 10.3.1994 v1.2C:\" Origin: Unknown January, 1996.