Pathhunt Virus

Virus Name: Pathhunt Aliases: V Status: Rare Discovered: September, 1991 Symptoms: .COM & .EXE growth; .DBF file corruption; "Path not found" errors; program corruption Origin: Republic of South Africa Eff Length: 1,231 Bytes Type Code: PNA - Parasitic Non-Resident .COM & .EXE Infector Detection Method: ViruScan, AVTK, F-Prot, Sweep, NAV, IBMAV, NAVDX, VAlert, PCScan, ChAV, NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N Removal Instructions: Delete infected files General Comments: The Pathhunt Virus was discovered in the Republic of South Africa in September, 1991 by Oliver Steudler. Pathhunt is a non-resident direct action infector of .COM and .EXE files. It may also corrupt .DBF files on systems with advanced infections. When a program infected with Pathhunt is executed, Pathhunt will search the current directory structure for three .COM programs to infect which do not start with a JMP instruction (E9h or EBh). If the three .COM programs are not found, it will then search the system path looking for files to infect. If three uninfected candidate .COM program still have not been found, it will infect up to three .EXE programs. Once all of the .EXE programs have become infected, it will infect .DBF files, permanently corrupting these data files. Additionally, Pathhunt does not always infect programs correctly, some so programs will become corrupted and no longer function properly. Programs, both .COM and .EXE, infected with Pathhunt will increase in length by 1,231 bytes with the virus being located at the end of the infected file. There will be no change in the file's date and time in the DOS disk directory. The Pathhunt virus' name comes from the behavior of the virus when it infects files. Once a candidate program has been located, the virus renames the program to PATHHUNT, infects it, and then renames it back to its original name.