Proud Virus

 Virus Name:  Proud 
 Aliases:     V1302, P1 Related 
 V Status:    Rare 
 Discovery:   August, 1990 
 Symptoms:    .COM growth; decrease in total system and available memory; 
              FAT entry corruption 
 Origin:      Bulgaria 
 Eff Length:  1,302 Bytes 
 Type Code:   PRtCK - Parasitic Non-Resident .COM Infector 
 Detection Method:  ViruScan, AVTK, F-Prot, NAV, Sweep, IBMAV, 
                    NAVDX, VAlert, PCScan, ChAV, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Proud, or V1302, virus was isolated in August of 1990 in 
       Bulgaria by Vesselin Bontchev.  Proud is a memory resident infector 
       of .COM files, including COMMAND.COM. 
       The first time a program infected with Proud is executed, the virus 
       checks to determine if interrupt 13 is in use by another program, 
       and if it is, the virus will hang the system.  If interrupt 13 is 
       not in use by another program, Proud will install itself memory 
       resident at the top of system memory, but below the 640K DOS 
       boundary.  Total system memory and free available memory will 
       decrease by 8,192 bytes. Interrupt 2A will be replaced by the virus. 
       Once the virus is memory resident, it will infect .COM files within 
       certain candidate length ranges when they are opened for any 
       reason. The candidate file length ranges are: 
                2,048 - 14,335 bytes 
               16,384 - 30,719 bytes 
               32,768 - 47,103 bytes 
               49,152 - 63,487 bytes 
       Proud is an encrypted virus, and is unusual in that it "splits" the 
       .COM file being infected into two parts, placing the viral code 
       between the two sections.  Proud also is unable to distinguish when 
       a file has been previously infected, so .COM files can become 
       infected multiple times.  Each infection, with the exception of 
       COMMAND.COM, will add 1,302 bytes to the file length.  Infected 
       COMMAND.COM files generally don't increase in length on the first 
       infection as the virus will overwrite part of the 00h area of 
       COMMAND.COM with the viral code. 
       Proud can be a damaging virus, with a probability of 1 out of 256, 
       it may swap entries in the file allocation table. 

Show viruses from discovered during that infect .

Main Page