P&C Virus


 Virus Name:  P&C 
 Aliases:     P&C.855 
 V Status:    New 
 Discovery:   July, 1995 
 Symptoms:    .COM file growth; system hangs; 
              decrease in available free memory 
 Origin:      Unknown 
 Eff Length:  855 Bytes 
 Type Code:   PRhCK - Parasitic Resident .COM Infector 
 Detection Method: F-Prot, AVTK, VAlert, Sweep, NAV, NAVDX, IBMAV, 
                   ViruScan, ChAV, 
                   Sweep/N, NAV/N, IBMAV/N, NShld, AVTK/N, Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The P&C virus was received in July, 1995.  Its origin or point of 
       isolation is unknown.  P&C is a memory resident infector of .COM 
       programs, including COMMAND.COM.  System hangs may occur when the 
       virus infects very small .COM files. 
 
       When the first P&C infected program is executed, this virus will 
       install itself memory resident at the top of system memory but 
       below the 640K DOS boundary, not moving interrupt 12's return. 
       Available free memory, as indicated by the DOS CHKDSK program from 
       DOS 5.0, will have decreased by 928 bytes.  Interrupt 21 will be 
       hooked by the virus in memory. 
 
       Once the P&C virus is memory resident, it will infect .COM files, 
       including COMMAND.COM, when they are executed.  Infected .COM files 
       will have a file length increase of 855 bytes with the virus being 
       located at the end of the file.  The file's date and time in the 
       DOS disk directory listing will not be altered.  The following text 
       string is visible within the viral code: 
 
           "P&C" 
 
       This text string can also be found starting in the fourth byte of 
       all infected files.

Show viruses from discovered during that infect .

Main Page