Revelation Virus

 Virus Name:  Revelation 
 V Status:    Rare 
 Discovery:   August, 1993 
 Symptoms:    .COM file growth; file allocation errors; 
              decrease in total system & available free memory 
 Origin:      Unknown 
 Eff Length:  4,096 Bytes 
 Type Code:   PRhCK - Parasitic Resident .COM Infector 
 Detection Method:  ViruScan, NAV, NAVDX, AVTK 7.68+, 
                    NShld, NAV/N, AVTK/N 7.68+ 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Revelation virus was received in August, 1993.  Its origin or 
       point of isolation is unknown.  Revelation is a memory resident 
       stealth virus which infects .COM programs, including COMMAND.COM. 
       It employs an encryption mechanism similar to that used by the 
       "Fish" virus. 
       When the first Revelation infected program is executed, this virus 
       will install itself memory resident at the top of system memory 
       but below the 640K DOS boundary, not moving interrupt 12's return. 
       Total system and available free memory, as indicated by the DOS 
       CHKDSK program, will have decreased by 32,768 bytes.  Interrupts 
       21 and 22 will be hooked by Revelation in memory. 
       Once memory resident, Revelation infects .COM programs over 4,096 
       bytes in size when a DOS DIR command is executed.  The virus does 
       not always infect the .COM files it encounters, sometimes it will 
       just add 10 bytes to the end of the file.  Programs infected with 
       the 4096 virus will have a file length increase of 4,096 bytes, 
       though 4,086 bytes of this file length increase will be hidden by 
       the virus when it is memory resident.  The virus will be located 
       at the end of the file, and the file's date and time in the DOS 
       disk directory listing will not be altered.  The following text 
       strings are encrypted within the Revelation viral code: 
               "Revelation Virus Alpha" 
               "Copyright (c) 1991 by Transvisionary" 
       Systems infected with the Revelation virus will experience the 
       DOS CHKDSK program indicating file allocation errors on all 
       infected files when the virus is memory resident. 
       See:   Fish 

Show viruses from discovered during that infect .

Main Page