Sentinel Virus

 Virus Name:  Sentinel 
 Aliases:     Sentinel-3, Sentinel-5, BC 
 V Status:    Rare 
 Discovered:  January, 1991 
 Symptoms:    .COM & .EXE growth; decrease in available free memory; 
              system hangs; "Keyboard stuck key failure" message 
 Origin:      Bulgaria 
 Eff Length:  4,625 Bytes 
 Type Code:   PRHAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  ViruScan, AVTK, F-Prot, Sweep, NAV, VAlert, 
                    IBMAV, NAVDX, PCScan, ChAV, 
                    NShld, LProt, Sweep/N, Innoc, AVTK/N, NAV/N, IBMAV/N, 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Sentinel virus was submitted in January, 1991, and is from 
       Bulgaria.  This virus is a memory resident infector of .COM and 
       .EXE files, and will infect COMMAND.COM.  Unlike most viruses, this 
       virus was received with its original Turbo Pascal source code.  It 
       may be purely a research virus at this time. 
       When the first program infected with Sentinel is executed, the 
       virus will install itself memory resident at the top of system 
       memory, but below the 640K DOS boundary.  Interrupt 12's return is 
       not moved by the virus.  Interrupt 21 will be hooked by the virus 
       in memory. COMMAND.COM, if not previously infected, will be 
       infected by Sentinel at this time as well. 
       After Sentinel is memory resident, it will infect .COM and .EXE 
       programs larger than 1K as they are opened or executed.  Infected 
       programs will have a file length increase of 4,625 bytes, the virus 
       will be located at the end of the file.  This virus makes no 
       attempt to hide the file length increase.  File date and time in 
       the disk directory is not altered by the virus. 
       The following text strings can be found at the very end of programs 
       infected with Sentinel: 
               "You won't hear me, but you'll feel me.... 
                (c) 1990 by Sentinel. 
                With thanks to Borland." 
       Sentinel does not appear to do anything besides replicate. 
       Known variant(s) of Sentinel are:     
       Sentinel-3: Sentinel-3 is a 5,173 byte variant of the Sentinel 
                   virus.  Unlike Sentinel, though, it will hide the file 
                   length increase on infected programs if it is memory 
                   resident.  Sentinel-3's size in memory is 5,328 bytes. 
                   There are no recognizable text strings visable in 
                   infected programs.  Systems infected with Sentinel-3 
                   will notice file allocation errors when executing the 
                   DOS CHKDSK command when the virus is memory resident. 
                   These errors do not occur with the original Sentinel 
                   virus since it didn't attempt to hide the infected 
                   program's file length increase. 
                   Origin: Bulgaria   May 1991 
       Sentinel-5: Sentinel-5 is a 5,402 byte variant of Sentinel-3. 
                   When Sentinel-5 is memory resident, it will hide the 
                   file length increase on infected programs.  Like 
                   Sentinel-3, executing the DOS CHKDSK program will 
                   uncover file allocation errors when the virus is 
                   memory resident.  Sentinel-5 will not infect programs 
                   smaller than 2K in size.  Attempts to boot from an 
                   infected COMMAND.COM program may result in the message 
                   "Keyboard stuck key failure", though this does not 
                   always occur.  System hangs will occur if the user 
                   attempts to view infected programs with a file editor 
                   when Sentinel-5 is resident.  Sentinel-5's size in 
                   memory is 5,568 bytes.  There are no readable text 
                   strings within the viral code in Sentinel-5 infected 
                   Origin: Bulgaria   May 1991 

Show viruses from discovered during that infect .

Main Page