ShadowByte Virus

 Virus Name:  ShadowByte 
 Aliases:     Shadow, Shadow-2 
 V Status:    Rare 
 Discovered:  May, 1991 
 Symptoms:    .COM file growth 
 Origin:      Unknown 
 Eff Length:  713 Bytes 
 Type Code:   PNCK - Parasitic Non-Resident .COM Infector 
 Detection Method:  ViruScan, F-Prot, Sweep, AVTK, IBMAV, NAV, 
                    NAVDX, VAlert, PCScan, ChAV, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The ShadowByte, or Shadow, virus was isolated in May, 1991.  Its 
       origin is unknown.  ShadowByte is a non-resident generic infector of 
       .COM programs, it will infect COMMAND.COM. 
       When a program infected with ShadowByte is executed, it will infect 
       one program in the current directory.  If COMMAND.COM is in the 
       current directory, it may become infected. 
       .COM programs, other than COMMAND.COM, will increase in length by 
       713 bytes when they are infected by ShadowByte.  COMMAND.COM will 
       increase in size by 723 bytes if it becomes infected.  In both 
       cases, the virus will be located at the end of the infected 
       program.  There will be no change to the file date and time in the 
       disk directory. 
       Programs infected with ShadowByte will contain two text strings:    
               "!seviL etybwodahS" 
       The virus' name comes from the first string above, which when 
       reversed says "Shadowbyte Lives!". 
       It is unknown if ShadowByte does anything besides replicate. 
       Known variant(s) of ShadowByte are: 
       Shadow-2: A smaller version of the Shadow virus, Shadow-2 adds 
                 635 bytes to infected files.  The following text strings 
                 can be found in infected files: 
                 "!sevil etybwodahS*.COM ????????." 
                 Origin: Unknown  November, 1991. 

Show viruses from discovered during that infect .

Main Page