Virus Name: Pysk
V Status: New
Discovery: February, 1995
Symptoms: .COM & .EXE growth; decrease in available free memory
Eff Length: 1,536 Bytes
Type Code: PRhAK - Parasitic Resident .COM & .EXE Infector
Detection Method: F-Prot, IBMAV, AVTK, Sweep, NAV, NAVDX, VAlert,
NProt, IBMAV/N, AVTK/N, Sweep/N, NShld, NAV/N, Innoc 4.0+
Removal Instructions: Delete infected files

The Pysk virus was received in February, 1995. Its origin or point
of isolation is unknown. Pysk is a memory resident infector of .COM
and .EXE files, including COMMAND.COM.

When the first Pysk-infected program is executed, the virus will
install itself memory resident at the top of system memory but below
the 640K DOS boundary, without changing the value returned by
interrupt 12. Total available memory, as indicated by the DOS 5.0
CHKDSK program, will have decreased by 1,744 bytes. Interrupt 21 will
be hooked by the virus in memory.

Once the Pysk virus is memory resident, it will infect .COM and .EXE
files, including COMMAND.COM, when they are executed. Infected files
will have a file length increase of 1,536 bytes. The virus will be
located at the end of the file. The program's date and time in the
DOS disk directory listing will not be altered. No text strings are
visible within the viral code.

It is unknown what the Pysk virus does besides replicate.
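
Because the directory date and time are left unaltered, a date-based check will not notice the change; a size and hash baseline will. The Python code below is an added example, not part of the original entry: it compares a baseline with the current state and flags .COM and .EXE files that grew by exactly 1,536 bytes with an unchanged timestamp. The function names, verdict labels and sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

PYSK_GROWTH = 1536               # file length increase stated in the entry
TARGET_EXTS = {".com", ".exe"}   # file types the entry lists as infected
T0 = 1_000_000_000               # constructed timestamp for the sample files

def snapshot(root):
    """Record (size, mtime, SHA-256) for every file directly under root."""
    snap = {}
    for name in os.listdir(root):
        path = os.path.join(root, name)
        st = os.stat(path)
        with open(path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        snap[name] = (st.st_size, int(st.st_mtime), digest)
    return snap

def compare(baseline, current):
    """Return {name: verdict} for files whose content changed since baseline."""
    findings = {}
    for name, (size0, mtime0, hash0) in baseline.items():
        if name not in current or current[name][2] == hash0:
            continue  # missing or unchanged files are out of scope here
        size1, mtime1, _ = current[name]
        ext = os.path.splitext(name)[1].lower()
        grew = size1 - size0 == PYSK_GROWTH
        if ext in TARGET_EXTS and grew and mtime1 == mtime0:
            findings[name] = "matches-pysk-symptoms"
        else:
            findings[name] = "modified"
    return findings

def demo():
    """Constructed sample files; the appended bytes are inert zero padding."""
    cases = {"EDIT.COM": (1536, True), "TOOL.EXE": (1536, False),
             "NOTES.TXT": (10, True)}   # name -> (growth, timestamp kept)
    with tempfile.TemporaryDirectory() as root:
        for name in cases:
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(b"\x00" * 400)
            os.utime(path, (T0, T0))
        baseline = snapshot(root)
        for name, (growth, keep_time) in cases.items():
            path = os.path.join(root, name)
            with open(path, "ab") as fh:
                fh.write(b"\x00" * growth)
            if keep_time:
                os.utime(path, (T0, T0))
        return compare(baseline, snapshot(root))
```

A match on size and timestamp is only a symptom check; the entry lists the scanners that detect Pysk itself.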