Pif Virus

 Virus Name:  Pif 
 Aliases:     Pif Paf B v1.0 
 V Status:    Rare 
 Discovered:  May, 1992 
 Symptoms:    .COM & .EXE growth; decrease in total system & available 
              free memory 
 Origin:      Hungary 
 Eff Length:  760 - 774 Bytes 
 Type Code:   PRhAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  ViruScan, AVTK, Sweep, IBMAV, F-Prot, 
                    NAV, NAVDX, VAlert, PCScan, ChAV, 
                    NShld, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N, 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Pif, or Pif Paf B v1.0, virus was received in May, 1992 from 
       Hungary.  Pif is a memory resident infector of .COM and .EXE 
       programs, including COMMAND.COM. 
       The first time a program infected with the Pif virus is executed, 
       this virus will install itself memory resident at the top of system 
       memory but below the 640K DOS boundary.  Total system and available 
       free memory, as indicated by the DOS CHKDSK program, will have 
       decreased by 800 bytes with the first infection of memory.  Interrupt 
       12's return will not be moved.  Interrupt 21 will be hooked by 
       Pif in memory. 
       Once the Pif virus is memory resident, it will infect .COM and .EXE 
       programs when they are executed.  If COMMAND.COM is executed, it 
       will become infected.  Infected .COM programs will have a file length 
       increase of 760 bytes.  .EXE programs will have increased in length 
       by 760 to 774 bytes.  In both cases, the virus will be located at the 
       end of the infected file.  
       The following text strings can be found within the viral code in 
       Pif infected programs: 
               "PIF-PAF B v1.0" 
               "Nincs kegyelem !" 
       Systems infected with the Pif virus will notice that total system 
       and available free memory will continue to decrease the longer the 
       virus is in memory.  Each time an infected program is executed, Pif 
       will install another copy of itself in memory, decreasing total 
       system and available free memory by an additional 800 bytes. 

Show viruses from discovered during that infect .

Main Page