Virus Name: Repent
V Status: Viron
Discovery: December, 1992
Symptoms: .COM files overwritten; program corruption;
programs fail to function properly; boot failures
Eff Length: 350 Bytes OW
Type Code: ONCK - Overwriting Non-Resident .COM Infector
Detection Method: ViruScan, Sweep, F-Prot, NAV, IBMAV, AVTK,
NAVDX, VAlert, PCScan, ChAV,
NShld, Sweep/N, Innoc, LProt, NAV/N, AVTK/N, IBMAV/N,
Removal Instructions: Delete infected files
The Repent virus was submitted in December, 1992. Its origin or
point of isolation is unknown. Repent is a non-resident overwriting
virus which infects .COM programs, including COMMAND.COM.
When a program infected with the Repent virus is executed, the
Repent virus will infect the first four .COM programs located in
the current directory. If COMMAND.COM is located in this directory,
it may become infected. The Repent virus contains code to move
up one directory in the directory structure, though this code does
not function properly and programs in higher level directories are
not infected by the virus.
Programs infected with the Repent virus will have the first 350
bytes of the host program overwritten by the Repent viral code.
There will be no change to the file's length unless it was
originally smaller than 350 bytes in length, in which case it will
become 350 bytes in length. The program's date and time in the DOS
disk directory listing will not be altered. One text string is
encrypted within the Repent viral code:
Programs infected with the Repent virus will not function properly,
and are permanently corrupted. Boot failures will occur once the
boot copy of COMMAND.COM becomes infected by the virus.