R-10 Virus

 Virus Name:  R-10 
 Aliases:     DataRape-10, Rape-10 
 V Status:    Rare 
 Discovery:   September, 1991 
 Symptoms:    .COM file growth; decrease in total system and available 
              memory; overwrites system hard disk 
 Origin:      Canada 
 Eff Length:  500 Bytes 
 Type Code:   PRhCK - Parasitic Resident .COM Infector 
 Detection Method:  ViruScan, F-Prot, Sweep, AVTK, PCScan, 
                    NAV, IBMAV, NAVDX, VAlert, ChAV. 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The R-10, DataRape-10, or Rape-10 virus was isolated in September, 
       1991, and originated in Canada.  R-10 is a memory resident infector 
       of .COM files, including COMMAND.COM.  It is one of the viruses 
       which the RABID group claims responsibility for writing. 
       The first time a program infected with R-10 is executed, R-10 will 
       install itself memory resident at the top of system memory but below 
       the 640K DOS boundary.  Interrupts 21 and 69 will be hooked by R-10 
       in memory.  Total system and available free memory, as indicated by 
       the DOS CHKDSK program, will have decreased by 528 bytes. 
       Once R-10 is memory resident, it will infect .COM programs, including 
       COMMAND.COM, when they are executed.  Infected .COM programs will 
       increase in size by 500 bytes, the virus being located at the end 
       of the infected file.  There will be no change in the file date/time 
       in the DOS disk directory. 
       R-10 activates on a random basis, at which time it will overwrite 
       the system hard disk when a program is executed.  The overwriting 
       of the hard disk starts at the C: drive boot sector, with the virus 
       writing to the hard disk the program the user was attempting to 
       execute.  Once the virus completes writing this program to the 
       disk, it will continue formatting the hard drive, writing sectors 
       full of x'FF' characters until the user powers off the system. 
       R-10 is probably an earlier version of the R-11 virus. 
       See:   R-11 

Show viruses from discovered during that infect .

Main Page