Pysk Virus


 Virus Name:  Pysk 
 Aliases:     Pysk.1536 
 V Status:    New 
 Discovery:   February, 1995 
 Symptoms:    .COM & .EXE growth; decrease in available free memory 
 Origin:      Unknown 
 Eff Length:  1,536 Bytes 
 Type Code:   PRhAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  F-Prot, IBMAV, AVTK, Sweep, NAV, NAVDX, VAlert, 
                    ViruScan, ChAV, 
                    NProt, IBMAV/N, AVTK/N, Sweep/N, NShld, NAV/N, Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Pysk virus was received in February, 1995.  Its origin or point 
       of isolation is unknown.  Pysk is a memory resident infector of .COM 
       and .EXE files, including COMMAND.COM. 
 
       When the first Pysk infected program is executed, this virus will 
       install itself memory resident at the top of system memory but below 
       the 640K DOS boundary, not moving interrupt 12's return.  Total 
       available memory, as indicated by the DOS 5.0 CHKDSK program, will 
       have decreased by 1,744 bytes.  Interrupt 21 will be hooked by the 
       virus in memory. 
 
       Once the Pysk virus is memory resident, it will infect .COM and .EXE 
       files, including COMMAND.COM, when they are executed.  Infected files 
       will have a file length increase of 1,536 bytes.  The virus will be 
       located at the end of the file.  The program's date and time in the 
       DOS disk directory listing will not be altered.  No text strings are 
       visible within the viral code. 
 
       It is unknown what the Pysk virus does besides replicate.

Show viruses from discovered during that infect .

Main Page