Reaper Virus

 Virus Name:  Reaper 
 Aliases:     Reaper Man 
 V Status:    Rare 
 Discovery:   October, 1992 
 Symptoms:    .COM & .EXE file growth; file date/time corruption; 
              decrease in total system & available free memory 
 Origin:      England 
 Eff Length:  1,072 Bytes 
 Type Code:   PRhA - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  AVTK, F-Prot, ViruScan, Sweep, IBMAV, 
                    NAV, NAVDX, VAlert, PCScan, ChAV, 
                    NShld, Sweep/N, NProt, AVTK/N, LProt, NAV/N, 
                    IBMAV/N, Innoc 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Reaper, or Reaper Man, virus was submitted in October, 1992. 
       It is originally from England.  Reaper is a memory resident 
       infector of .COM and .EXE programs, but not COMMAND.COM, and does 
       not infect programs on the A: drive. 
       When the first Reaper infected program is executed, the Reaper 
       virus will install itself memory resident at the top of system 
       memory but below the 640K DOS boundary, hooking interrupt 21. 
       Total system and available free memory, as indicated by the DOS 
       CHKDSK program, will have decreased by 3,008 bytes.  Interrupt 12's 
       return will not be moved. 
       Once the Reaper virus is memory resident, it will infect .COM and 
       .EXE programs, other than COMMAND.COM, when they are copied or 
       opened for some reason other than execution.  Programs are infected 
       only when their location is other than on the A: drive.  Programs 
       infected with the Reaper virus will have a file length increase of 
       1,072 bytes with the virus being located at the end of the file. 
       Reaper is not able to determine when a program was previously 
       infected, so it will reinfect programs, adding an additional 1,072 
       bytes.  The program's date and time in the DOS disk directory 
       listing will be corrupted to an unusual value which is not a normal, 
       valid date and time.  The corruption of file date and times in the 
       DOS disk directory listing may also occur for programs which are not 
       infected by the virus. 
       The following text strings can be found within the viral code in 
       all Reaper infected programs: 
               "Reaper Man" 
               "(c) 92, Apache Warrior, ARCV Pres." 
               "[ReaperMan] Apache Warrior" 

Show viruses from discovered during that infect .

Main Page