Pathhunt Virus

 Virus Name:  Pathhunt 
 V Status:    Rare 
 Discovered:  September, 1991 
 Symptoms:    .COM & .EXE growth; .DBF file corruption; "Path not found" 
              errors; program corruption 
 Origin:      Republic of South Africa 
 Eff Length:  1,231 Bytes 
 Type Code:   PNA - Parasitic Non-Resident .COM & .EXE Infector 
 Detection Method:  ViruScan, AVTK, F-Prot, Sweep, NAV, 
                    IBMAV, NAVDX, VAlert, PCScan, ChAV, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Pathhunt Virus was discovered in the Republic of South Africa 
       in September, 1991 by Oliver Steudler.  Pathhunt is a non-resident 
       direct action infector of .COM and .EXE files.  It may also 
       corrupt .DBF files on systems with advanced infections. 
       When a program infected with Pathhunt is executed, Pathhunt will 
       search the current directory structure for three .COM programs to 
       infect which do not start with a JMP instruction (E9h or EBh).  If 
       the three .COM programs are not found, it will then search the 
       system path looking for files to infect.  If three uninfected 
       candidate .COM program still have not been found, it will infect 
       up to three .EXE programs.  Once all of the .EXE programs have 
       become infected, it will infect .DBF files, permanently corrupting 
       these data files.  Additionally, Pathhunt does not always infect 
       programs correctly, some so programs will become corrupted and no 
       longer function properly. 
       Programs, both .COM and .EXE, infected with Pathhunt will increase 
       in length by 1,231 bytes with the virus being located at the end 
       of the infected file.  There will be no change in the file's date 
       and time in the DOS disk directory. 
       The Pathhunt virus' name comes from the behavior of the virus when 
       it infects files.  Once a candidate program has been located, the 
       virus renames the program to PATHHUNT, infects it, and then renames 
       it back to its original name. 

Show viruses from discovered during that infect .

Main Page