Pascal-4260 Virus

Virus Name: Pascal-4260 Aliases: Iris, Wirus V Status: Viron Discovered: October, 1992 Symptoms: .COM & .EXE files corrupted/overwritten; error message "Abort, Retry, File?" Origin: Warsaw, Poland Eff Length: 4,260 Bytes Type Code: ONA - Overwriting Non-Resident .COM & .EXE Infector Detection Method: AVTK, Sweep, NAV, F-Prot, NAVDX, VAlert, IBMAV, ViruScan, NShld, Sweep/N, LProt, AVTK/N, NAV/N, NProt, IBMAV/N Removal Instructions: Delete infected files General Comments: The Pascal-4260 virus was received in October, 1992. It is from Warsaw, Poland. Pascal-4260 is a non-resident overwriting virus which infects .COM and .EXE programs. It is written in Borland's Turbo Pascal language. When a program infected with the Pascal-4260 virus is executed, it will access the C: drive and infect one program. It then displays the message below, substituting X for the current drive: "General error reading drive X Abort, Retry, File?" Regardless of what the user responds, the virus will then infect a second file on the C: drive, and display the message again. After the user responds the second time, they will be returned to the DOS prompt. The Pascal-4260 virus infects both .COM and .EXE programs located on the C: drive, and it can read down through the directory structure. Infected programs will have the first 4,260 bytes over- written with the Pascal-4260 viral code. The file's date and time in the DOS disk directory listing will not be altered. Several text strings can be found within the viral code in infected programs: "(C) by OSCAR" "6'89" Plus some text strings from Borland's compiler. The following additional text strings are encrypted within the viral code and thus not visible in infected programs: "To dopiero pierwaze pozdrowienia dla S.Fischera i M.Sella" "General error reading drive" "Abort, Retry, File?" Infected programs should be replaced with uninfected copies.