Rajaat Virus
Virus Name: Rajaat
Aliases: Rajaat.700
V Status: New
Discovery: January, 1995
Symptoms: .EXE file growth; decrease in available memory
Origin: Unknown
Eff Length: 700 Bytes
Type Code: PRhE - Parasitic Resident .EXE Infector
Detection Method: F-Prot, AVTK, IBMAV, ViruScan, Sweep, NAV, NAVDX,
VAlert, PCScan, ChAV, AVTK/N, IBMAV/N, NShld, Sweep/N, NProt, NAV/N,
IBMAV/N, LProt, Innoc 4.0+
Removal Instructions: Delete infected files
General Comments:
The Rajaat or Rajaat.700 virus was received in January, 1995. Its
origin or point of isolation is unknown. Rajaat is a memory-resident
infector of .EXE files.

When the first Rajaat-infected program is executed, the virus
will install itself memory resident at the top of system memory
but below the 640K DOS boundary, hooking interrupt 21. Interrupt
12's return will not be moved. Available free memory, as indicated
by the DOS 5.0 CHKDSK program, will have decreased by approximately
704 bytes.

Once the Rajaat virus is memory resident, it will infect .EXE
files when they are executed. Programs infected with the Rajaat
virus will have a file length increase of 700 bytes, with the virus
located at the end of the file. The program's date and time
in the DOS disk directory listing will not be altered. The
following text string can be found within the viral code in all
Rajaat-infected programs:

"Rajaat"

It is unknown what the Rajaat virus does besides replicate.

Known variant(s) of Rajaat are:
Rajaat.287: Also received in January, 1995, Rajaat.287 is a
287 byte companion or spawning virus. Its size in memory
is approximately 656 bytes, hooking interrupt 21. It
infects .EXE programs when they are executed or opened by
creating a companion .COM file with the same base file
name. These companion .COM files will be 287 bytes in
length and have the hidden and read-only attributes set.
As such, they will not appear in the DOS disk directory
listing. The .COM file's date and time will be the system
date and time when infection occurred. The "Rajaat" text
string can be found within the companion files.
Origin: Unknown January, 1995.

Rajaat.443: Received in July, 1995, Rajaat.443 is a 443 byte
companion or spawning virus. Its size in memory is
approximately 928 bytes, hooking interrupts 21 and 28. It
infects .EXE programs when they are executed or opened by
creating a companion .COM file with the same base file
name. These companion .COM files will be 443 bytes in
length and have the hidden and read-only attributes set.
As such, they will not appear in the DOS disk directory
listing. The .COM file's date and time will be the system
date and time when infection occurred. The "Rajaat" text
string can be found within the companion files, as well as
the text string "*.EXE". .EXE files will fail to function
when they are executed with this variant memory resident,
usually resulting in beeping and the user being returned to
the DOS prompt.
Origin: Unknown July, 1995.

Rajaat.679: Also received in January, 1995, Rajaat.679 is a
679 byte variant. Its size in memory is approximately 688
bytes. It adds 679 bytes to the .EXE files it infects. The
text string "Rajaat" also occurs in this variant.
Origin: Unknown January, 1995.
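
The indicators described above (a 287 or 443 byte companion .COM sharing its base name with an .EXE, and the "Rajaat" string, which for Rajaat.700 lies in the last 700 bytes of the host) can be checked with a short scanner. This is an added example, not part of the original entry; the function names and the sample files are constructed for illustration, and it assumes the files are read from a mounted or extracted directory, where raw enumeration also sees files that carried the hidden attribute.

```python
import os
import tempfile

MARKER = b"Rajaat"                 # text string the entry reports in every variant
COMPANION_SIZES = {287: "Rajaat.287", 443: "Rajaat.443"}  # companion .COM lengths
APPENDED_LEN = 700                 # Rajaat.700 occupies the last 700 bytes of the .EXE

def scan_directory(path):
    """Return sorted (filename, finding) pairs for files matching the entry's indicators."""
    names = os.listdir(path)
    exe_bases = {os.path.splitext(n)[0].upper() for n in names if n.upper().endswith(".EXE")}
    findings = []
    for name in names:
        full = os.path.join(path, name)
        if not os.path.isfile(full):
            continue
        base, ext = os.path.splitext(name)
        size = os.path.getsize(full)
        with open(full, "rb") as fh:
            data = fh.read()
        if ext.upper() == ".COM" and base.upper() in exe_bases:
            # Companion check: same base name as an .EXE, exact length, marker present.
            variant = COMPANION_SIZES.get(size)
            if variant and MARKER in data:
                findings.append((name, variant + " companion"))
        elif ext.upper() == ".EXE" and MARKER in data[-APPENDED_LEN:]:
            findings.append((name, "marker in last 700 bytes"))
    return sorted(findings)

def build_sample(path):
    """Write constructed sample files (zero filler plus the marker, no virus code)."""
    def write(name, payload):
        with open(os.path.join(path, name), "wb") as fh:
            fh.write(payload)
    write("EDIT.EXE", b"MZ" + b"\x00" * 2000)                      # clean host
    write("EDIT.COM", MARKER + b"\x00" * (287 - len(MARKER)))      # 287-byte companion shape
    write("CALC.EXE", b"MZ" + b"\x00" * 900)                       # clean host
    write("CALC.COM", b"*.EXE" + MARKER + b"\x00" * (443 - 11))    # 443-byte companion shape
    write("TOOL.COM", MARKER + b"\x00" * 281)                      # 287 bytes, no matching .EXE
    write("GAME.EXE", b"MZ" + b"\x00" * 3000 + b"\x00" * 694 + MARKER)  # marker in tail
    write("NOTE.EXE", b"MZ" + MARKER + b"\x00" * 4000)             # marker outside the tail

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for name, finding in scan_directory(tmp):
            print(name, "->", finding)
```

A size-and-string match is a triage signal only; confirm any hit with a current scanner before deleting files.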