Rattle Virus


 Virus Name:  Rattle 
 Aliases:     Death Rattle 
 V Status:    Rare 
 Discovery:   July, 1992 
 Symptoms:    .COM file growth; system hangs; file time seconds = 62 
 Origin:      Unknown 
 Eff Length:  615 Bytes 
 Type Code:   PRaCK - Parasitic Resident .COM Infector 
 Detection Method:  Sweep, ViruScan, F-Prot, IBMAV, AVTK, PCScan, 
                    NAV, NAVDX, VAlert, ChAV, 
                    NShld, Sweep/N, LProt, NProt, AVTK/N, NAV/N, IBMAV/N, 
                    Innoc 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Rattle, or Death Rattle, virus was submitted in July, 1992.  Its 
       origin is unknown, though the submission was from a European source. 
       Rattle is based on the Vienna virus, though Rattle itself is a 
       memory resident infector of .COM programs, including COMMAND.COM. 
 
       The first time a program infected with the Rattle virus is executed, 
       the Rattle virus will install itself memory resident in available 
       free memory.  Total system and available free memory, as indicated 
       by the DOS CHKDSK program, will not decrease.  Interrupt 21 will 
       be hooked by Rattle in memory. 
 
       Once the Rattle virus is memory resident, it will infect .COM 
       programs when they are executed.  If COMMAND.COM is executed, it 
       will become infected.  Programs infected with the Rattle virus will 
       have a file length increase of 615 bytes with the virus being 
       located at the end of the file.  The file's date and time in the 
       DOS disk directory listing will not appear to be altered, though 
       the seconds field will have been set to 62. 
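
The 62-second marker is possible because a FAT directory entry stores seconds in 2-second units in a 5-bit field, so a raw value of 31 decodes to 62, and DIR does not display seconds. The following added example (not part of the original entry) walks raw 32-byte FAT directory entries and flags .COM files carrying that value; the sample directory, file names and sizes are constructed for illustration.

```python
import struct

ENTRY_SIZE = 32             # size of one FAT directory entry
ATTR_VOLUME_OR_DIR = 0x18   # volume label (0x08) or subdirectory (0x10)

def decode_fat_time(raw):
    """Split the 16-bit FAT time word into (hour, minute, second)."""
    return raw >> 11, (raw >> 5) & 0x3F, (raw & 0x1F) * 2

def find_marked_com_files(directory_bytes):
    """Return [(name, size)] for .COM entries whose seconds decode to 62."""
    hits = []
    for off in range(0, len(directory_bytes) - ENTRY_SIZE + 1, ENTRY_SIZE):
        entry = directory_bytes[off:off + ENTRY_SIZE]
        if entry[0] == 0x00:        # end-of-directory marker
            break
        if entry[0] == 0xE5:        # deleted entry
            continue
        if entry[11] & ATTR_VOLUME_OR_DIR:
            continue
        name = entry[0:8].decode("ascii", "replace").rstrip()
        ext = entry[8:11].decode("ascii", "replace").rstrip()
        (time_word,) = struct.unpack_from("<H", entry, 22)
        (size,) = struct.unpack_from("<I", entry, 28)
        if ext == "COM" and decode_fat_time(time_word)[2] == 62:
            hits.append((f"{name}.{ext}", size))
    return hits

def make_entry(name, ext, hour, minute, sec_field, size):
    """Build a constructed directory entry (archive attribute, fixed date)."""
    time_word = (hour << 11) | (minute << 5) | sec_field
    date_word = (12 << 9) | (7 << 5) | 15          # 1992-07-15, constructed
    return struct.pack("<8s3sB10xHHHI", name.ljust(8).encode(),
                       ext.ljust(3).encode(), 0x20, time_word, date_word,
                       2, size)

# Constructed sample directory: one marked .COM, one clean .COM, one .EXE.
SAMPLE_DIR = (
    make_entry("COMMAND", "COM", 5, 0, 31, 48460)   # seconds field = 62
    + make_entry("EDIT", "COM", 5, 0, 15, 413)      # seconds = 30, normal
    + make_entry("GAME", "EXE", 9, 30, 31, 20000)   # 62 seconds but not .COM
    + bytes(ENTRY_SIZE)                             # end-of-directory entry
)

if __name__ == "__main__":
    for name, size in find_marked_com_files(SAMPLE_DIR):
        print(f"{name}: seconds field = 62, size {size} bytes")
```

A hit is only an indicator: the timestamp says nothing about which code set it, so flagged files should be confirmed with one of the scanners listed above.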
 
       Systems infected with the Rattle virus may experience frequent 
       system hangs, which occur when a program the user attempts to 
       execute overwrites the virus in memory. 
 
       See:   Vienna 
