SillyCER Virus


 Virus Name:  SillyCER 
 Aliases:     SillyCER.307 
 V Status:    New 
 Discovered:  July, 1995 
 Symptoms:    .COM & .EXE growth 
 Origin:      Unknown 
 Eff Length:  307 - 321 Bytes 
 Type Code:   PRaAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  F-Prot, AVTK, VAlert, Sweep, NAV, NAVDX, IBMAV, 
                    ViruScan, PCScan, ChAV, 
                    Sweep/N, NAV/N, IBMAV/N, AVTK/N, NShld, NProt, Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The SillyCER or SillyCER.307 virus was received in July, 1995.  Its 
       origin or point of isolation is unknown.  SillyCER is a memory 
       resident infector of .COM and .EXE programs, including COMMAND.COM. 
       It doesn't do anything besides replicate. 
 
       When the first SillyCER infected program is executed, this virus will 
       install itself memory resident in a hole in allocated system memory, 
       hooking interrupt 21.  Total system and available free memory, as 
       indicated by the DOS CHKDSK program, will not be altered. 
 
       Once the SillyCER virus is memory resident, it will infect .COM 
       and .EXE programs when they are executed.  Infected .COM programs 
       will have a file length increase of 307 bytes, while infected .EXE 
       programs will have increased in size by 307 to 321 bytes.  In both 
       cases, the virus will be located at the end of the file.  The 
       program's date and time in the DOS disk directory listing will not 
       be altered.  No text strings are visible within the viral code.

Show viruses from discovered during that infect .

Main Page