Skull Virus


 Virus Name:  Skull 
 Aliases:     Necro 
 V Status:    Rare 
 Discovered:  January, 1993 
 Symptoms:    .COM file growth; .EXE file corruption; graphic display 
 Origin:      United States 
 Eff Length:  666 Bytes 
 Type Code:   PNCK - Parasitic Non-Resident .COM Infector 
 Detection Method:  AVTK, Sweep, ViruScan, F-Prot, NAVDX, VAlert, 
                    IBMAV, NAV, PCScan, ChAV, 
                    Sweep/N, NShld, Innoc, NProt, AVTK/N, IBMAV/N, NAV/N, 
                    LProt 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Skull, or Necro, virus was submitted in January, 1993, and is 
       from the State of Pennsylvania in the United States.  Skull is a 
       non-resident, direct action infector of .COM programs, including 
       COMMAND.COM.  It will also "drop" a second virus, the Skull EXE 
       virus, described below under variant(s).  Since the Skull EXE virus 
       also replicates, it is listed as a variant rather than as part of 
       the base Skull virus. 
 
       When a program infected with the Skull virus is executed, the Skull 
       virus will infect one .COM file located in the current directory. 
       If it cannot find a .COM program to infect, it will instead "drop" 
       the Skull EXE virus indicated below by overwriting the beginning of 
       an .EXE file. 
 
       Programs infected with the Skull virus will have a file length 
       increase of 666 bytes with the virus being located at the end of 
       the file.  The program's date and time in the DOS disk directory 
       listing will not be altered.  The following text strings are 
       visible within the Skull viral code in infected .COM files: 
 
               "*.COM" 
               "PATH=" 
               "*.EXE" 
 
       The Skull virus doesn't do anything besides replicate and drop the 
       Skull EXE virus indicated below.  The Skull EXE virus displays a 
       message when it is executed. 
 
       Known variant(s) of Skull are: 
       Skull EXE: Skull EXE is the overwriting virus which is dropped 
                  by the Skull virus indicated above.  When a program 
                  infected by the Skull EXE virus is executed, the Skull 
                  EXE virus will infect one .EXE file located in the 
                  current directory, overwriting the first 466 bytes of 
                  the host file.  Infected programs will not increase in 
                  size.  The Skull EXE virus will then display a graphic 
                  "skull" on the system display, with the following 
                  message: 
                  "You cant execute this file: 
                   Its already dead!" 
                  This message is encrypted within the viral code.  The 
                  following text string is unencrypted within the Skull EXE 
                  virus: 
                  "*.EXE" 
                  Origin:  Pennsylvania, USA  January, 1993.

Show viruses from discovered during that infect .

Main Page