Plovdiv 1.1 Virus


 Virus Name:  Plovdiv 1.1 
 Aliases:     SX 
 V Status:    Rare 
 Discovered:  November, 1991 
 Symptoms:    .COM file growth; file allocation errors; program error 
              messages 
 Origin:      Poland 
 Eff Length:  800 Bytes 
 Type Code:   PRCK - Parasitic Resident .COM Infector 
 Detection Method:  ViruScan, Sweep, AVTK, F-Prot, ChAV, 
                    NAV, IBMAV, NAVDX, VAlert, PCScan, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Plovdiv 1.1 virus was received in November, 1991.  It is 
       originally from Poland.  Plovdiv 1.1 is a memory resident infector 
       of .COM files, including COMMAND.COM. 
 
       The first time a program infected with Plovdiv 1.1 is executed, 
       Plovdiv 1.1 will install itself memory resident in the DOS System 
       Data area in memory.  It will hook interrupts 1E, 21, and 22. 
       There will be no change in total system and available free 
       memory as indicated by the DOS CHKDSK program. 
 
       After the Plovdiv 1.1 virus has become memory resident, it will 
       infect one .COM file in the current directory each time any 
       program is executed, a DIR command is performed, or a .BAT file 
       is executed.  It will also infect .COM files if they are opened 
       for any reason. 
 
       Programs infected with Plovdiv 1.1 will have a file length increase 
       of 800 bytes, though the file length increase will be hidden when 
       the virus is memory resident.  The virus will be located at the 
       beginning of infected files.  There will be no change to the 
       file's date and time in a DOS directory listing.  The following 
       text strings will appear within the viral code in infected files: 
 
               "*.com" 
               "(C)Damage inc.Ver 1.1,Plovdiv,1991" 
 
       Symptoms of a Plovdiv 1.1 infection are that the DOS CHKDSK program 
       will indicate file allocation errors on all infected files if it 
       is executed with the virus memory resident.  Programs which expect 
       command line input may also return error messages and fail to 
       function properly. 
 
       It is unknown if Plovdiv 1.1 does anything besides replicate. 
 
       See:   Plovdiv 1.3 
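
Added example (not part of the original entry, and not code from any of the scanners listed above): a Python check for the file indicators this entry gives, namely an 800-byte virus body at the start of a .COM file that contains both quoted strings. The names classify, scan_tree and constructed_sample are hypothetical, and the sample bytes are constructed filler, not viral code. It is meant for files on a disk image or a system booted clean, since the entry notes that the resident virus infects .COM files when they are opened.

```python
import os

VIRUS_LEN = 800                                   # "Eff Length: 800 Bytes"
MARKER = b"(C)Damage inc.Ver 1.1,Plovdiv,1991"   # string quoted in the entry
WILDCARD = b"*.com"                               # second string quoted in the entry


def classify(data: bytes) -> str:
    """Classify the raw bytes of one .COM file as infected, suspect or clean."""
    head = data[:VIRUS_LEN]  # the entry places the virus at the start of the file
    if MARKER in head and WILDCARD in head and len(data) > VIRUS_LEN:
        return "infected"    # both strings in the prepended region, host follows
    if MARKER in data:
        return "suspect"     # marker present but layout differs: review by hand
    return "clean"           # "*.com" alone is too generic to flag


def scan_tree(root: str) -> dict:
    """Walk root and return {path: verdict} for every non-clean .COM file."""
    hits = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(".com"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    verdict = classify(fh.read())
            except OSError:
                verdict = "unreadable"   # report it rather than skip silently
            if verdict != "clean":
                hits[path] = verdict
    return hits


def constructed_sample(host: bytes = b"\xcd\x20") -> bytes:
    """Constructed test data: 800 filler bytes carrying both strings, then a host."""
    body = (WILDCARD + MARKER).ljust(VIRUS_LEN, b"\x90")
    return body + host


if __name__ == "__main__":
    print(classify(constructed_sample()))   # constructed positive case
    print(classify(b"\xcd\x20"))            # constructed clean two-byte program
```

The check reads file contents instead of comparing directory sizes because, per the entry, the 800-byte growth is hidden while the virus is resident and the file date and time do not change.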
