Andromeda 1.0 Virus
Virus Name: Andromeda 1.0
V Status: Rare
Discovery: June, 1993
Symptoms: .COM file growth; interfers with some anti-viral programs
Eff Length: 1,140 Bytes
Type Code: PNC - Parasitic Non-Resident .COM Infector
Detection Method: ViruScan, AVTK, F-Prot, Sweep, IBMAV,
NAV, NAVDX, VAlert, PCScan, ChAV,
NShld, AVTK/N, Sweep/N, NProt, IBMAV/N, NAV/N, Innoc,
Removal Instructions: Delete infected files
The Andromeda 1.0 virus was received from Hungary in June, 1993.
Andromeda 1.0 is a non-resident, direct action infector of .COM
programs, but not COMMAND.COM. A later version of this virus,
Andromeda 1.1, is listed separately as it has different basic
When a program infected with the Andromeda 1.0 virus is executed,
the Andromeda 1.0 virus will infect two .COM programs located in
the current directory. Infected programs will have a file length
increase of 1,140 bytes with the virus being located at the
beginning of the file. The program's date and time in the DOS
disk directory listing will not be altered. The following text
strings are encrypted within the Andromeda 1.0 viral code, and
are thus not visible within infected programs:
"-= The Andromeda Strain >- Version 1.00"
"By : Crypt Keeper"
"Mission Complete... Have fun with your virus(es)"
"RUNME.COM COMMAND.COM SCAN.EXE CLEAN.EXE NAV.EXE
Andromeda 1.0 may interfer with the functioning of some of the
above programs if they are located on non-write protected
See: Andromeda 1.1