Riihi Virus

Virus Name: Riihi Aliases: Riihi.132 V Status: Rare Discovery: April, 1994 Symptoms: .COM file growth; file date/time changes Origin: Unknown Eff Length: 132 Bytes Type Code: PRaCK - Parasitic Resident .COM Infector Detection Method: F-Prot, ViruScan, IBMAV, Sweep, AVTK, NAV, NAVDX, VAlert, PCScan, ChAV, NProt, AVTK/N, NShld, Sweep/N, IBMAV/N, NAV/N, Innoc 4.0+ Removal Instructions: Delete infected files General Comments: The Riihi virus was received in April, 1994. Its origin or point of isolation is unknown. Riihi is a memory resident infector of .COM programs, including COMMAND.COM. When the first Riihi infected program is executed, this virus will install itself memory resident in allocated system memory, hooking interrupt 21. Total system and/or available free memory, as indicated by the DOS CHKDSK program, will not be altered. Once memory resident, the Riihi virus will infect .COM programs when they are executed. Infected programs will have a file length increase of 132 bytes with the virus being located at the end of the file. The program's date and time in the DOS disk directory listing will have been updated to the current system date and time when infection occurred. No text strings are visible within the viral code. Known variant(s) of Riihi are: Riihi.132: Received in January, 1996, this is a 258 byte memory resident variant of Riihi. It adds 258 bytes to the .COM files it infects, the virus being located at the end of the file. The program's date and time in the DOS disk directory listing will have been updated to the current system date and time when infection occurred. No text strings are visible within the viral code. Origin: Unknown January, 1996.