Virus Name: Senorita
V Status: New
Discovered: January, 1996
Symptoms: .COM file growth; decrease in available free memory
Eff Length: 885 Bytes
Type Code: PRtCK - Parasitic Resident .COM Infector
Detection Method: IBMAV, ViruScan, AVTK, NAV, NAVDX, F-Prot, PCScan,
IBMAV/N, AVTK/N, NShld, NAV/N, Innoc
Removal Instructions: Delete infected files
The Senorita virus was received in January, 1996. Its origin or
point of isolation is unknown. Senorita is a memory resident fast
infector of .COM files, including COMMAND.COM.
When the first Senorita infected program is executed, this virus
will install itself memory resident at the top of system memory
but below the 640K DOS boundary, moving interrupt 12's return.
Available free memory, as indicated by the DOS CHKDSK program from
DOS 5.0, will have decreased by 1,008 bytes. Interrupt 21 will be
hooked by the virus in memory. Also at this time, the virus will
infect the copies of COMMAND.COM located in the C: drive root
directory and the C:\DOS directory.
Once the Senorita virus is memory resident, it will infect .COM
programs when they are executed or opened, but not when copied.
Infected files will have a file length increase of 885 bytes with
the virus being located at the end of the file. The program's date
and time in the DOS disk directory listing will not be altered. The
following text string is encrypted within the viral code:
It is unknown what the Senorita virus may do besides replicate.