Virus Name: P&C
V Status: New
Discovery: July, 1995
Symptoms: .COM file growth; system hangs;
decrease in available free memory
Eff Length: 855 Bytes
Type Code: PRhCK - Parasitic Resident .COM Infector
Detection Method: F-Prot, AVTK, VAlert, Sweep, NAV, NAVDX, IBMAV,
Sweep/N, NAV/N, IBMAV/N, NShld, AVTK/N, Innoc 4.0+
Removal Instructions: Delete infected files
The P&C virus was received in July, 1995. Its origin or point of
isolation is unknown. P&C is a memory resident infector of .COM
programs, including COMMAND.COM. System hangs may occur when the
virus infects very small .COM files.
When the first P&C infected program is executed, this virus will
install itself memory resident at the top of system memory but
below the 640K DOS boundary, not moving interrupt 12's return.
Available free memory, as indicated by the DOS CHKDSK program from
DOS 5.0, will have decreased by 928 bytes. Interrupt 21 will be
hooked by the virus in memory.
Once the P&C virus is memory resident, it will infect .COM files,
including COMMAND.COM, when they are executed. Infected .COM files
will have a file length increase of 855 bytes with the virus being
located at the end of the file. The file's date and time in the
DOS disk directory listing will not be altered. The following text
string is visible within the viral code:
This text string can also be found starting in the fourth byte of
all infected files.