Slayer Family Virus


 Virus Name:  Slayer Family 
 Aliases:     Brain Slayer, Slayer, Yankee Doodle Dropper, VBasic 2 
 V Status:    Common 
 Discovered:  March, 1991 
 Symptoms:    .COM & .EXE growth; long disk accesses; disk directory 
              altered; disk accesses to unexpected drives 
 Origin:      United States 
 Eff Length:  5,120 Bytes 
 Type Code:   PNA - Resident Non-Parasitic .COM & .EXE Infector 
 Detection Method:  ViruScan, AVTK, F-Prot, NAV, Sweep, IBMAV, 
                    NAVDX, VAlert, PCScan, ChAV, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, 
                    IBMAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Slayer Family of Viruses was discovered in March, 1991.  This 
       group of viruses currently consists of five known variants which 
       were submitted from different locations at approximately the same 
       time.  All of the variants are non-resident direct action infectors 
       of .COM and .EXE files.  They do not infect COMMAND.COM. 
 
       Below is a generic description of the viruses in this family. 
       Specifics for each variant are listed under "Known variants" at the 
       end of this entry.  In some cases, the only difference between the 
       variants is a few bytes. 
 
       When a program infected with a Slayer Family virus is executed, it 
       will infect all .COM and .EXE programs in the current directory on 
       the current drive.  Additionally, depending on the variant, it may 
       infect some programs on other drives as well. 
 
       Programs infected with a Slayer Family virus will increase in size 
       by between 5,120 and 5,135 bytes, with the virus being located at 
       the end of the infected file.  The program's date and time in the 
       disk directory will not be altered. 
 
       Symptoms of Slayer Family viruses include long disk accesses when 
       attempting to execute an infected program, and possibly disk 
       accesses to unexpected drives.  The order of the disk directory on 
       infected systems may also be altered so that .COM programs appear 
       first in the directory. 
 
       At least one member of this family, Slayer-E or Yankee Doodle 
       Dropper, carries the Yankee Doodle virus which it will later 
       release on infected systems.  This Yankee Doodle is the TP45VIR 
       variant. 
 
       Members of the Slayer Family are: 
       Slayer-A: Slayer-A will infect up to nine programs in a directory, 
                 other than the root directory, on the system C: drive in 
                 addition to programs on the current drive when an 
                 infected program is executed. 
       Slayer-B: Similar to Slayer-A, this variant will infect programs 
                 located in the C: drive root directory in addition to 
                 those located on the current drive and directory. 
       Slayer-C: Similar to Slayer-A and Slayer-B, Slayer-C will infect 
                 all programs located on the current drive and all 
                 programs located on the C: drive.  The following text 
                 strings can be found in samples of Slayer-C: 
                  "KEYB*.COM KEYB*.EXE BASRUN BRUN COBRUN NET$OS *.COM" 
                  "IBMBIO.COM" 
                  "IBMDOS.COM COMMAND.COM *.* .. \ .. *.EXE" 
                  "Access denied." 
       Slayer-D: Slayer-D is similar to Slayer-C, the major difference 
                 being that while it accesses the C: drive when an 
                 infected program is executed, it will not infect any 
                 programs on the C: drive unless the infected program was 
                 being executed from C:. The text strings indicated for 
                 Slayer-C also occur for this variant. 
       Slayer-E: Slayer-E is also known as the Yankee Doodle Dropper. 
                 When an infected program is executed, it will infect all 
                 the programs on the current drive and directory, and then 
                 infect a few programs on the C: drive.  After some period 
                 of time has elapsed since the original infection, this 
                 variant will release the Yankee Doodle virus onto the 
                 system, resulting in an active Yankee Doodle infection. 
                 If the system user successfully removes Yankee Doodle, 
                 but doesn't remove the Slayer-E infection, Yankee Doodle 
                 will promptly reinfect the system from the Slayer-E 
                 infected programs which remain. This variant is known to 
                 be in the public domain. 
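
       The following triage check is an added example, not part of the 
       original entry or of any scanner it lists: it looks for the Slayer-C/D 
       text strings in the last 5,135 bytes of .COM and .EXE files, where the 
       entry places the virus body.  Assumptions: the blanks in the listed 
       strings may be NUL or space bytes on disk, and the three-string 
       threshold (MIN_HITS) is chosen here because "Access denied." and 
       "IBMBIO.COM" also occur in ordinary DOS programs. 

```python
import re
import sys
from pathlib import Path

# Text strings the entry lists for Slayer-C (also present in Slayer-D).
SLAYER_STRINGS = [
    "KEYB*.COM KEYB*.EXE BASRUN BRUN COBRUN NET$OS *.COM",
    "IBMBIO.COM",
    "IBMDOS.COM COMMAND.COM *.* .. \\ .. *.EXE",
    "Access denied.",
]
MIN_BODY = 5120    # effective length given in the entry
MAX_GROWTH = 5135  # upper bound of the file growth given in the entry
MIN_HITS = 3       # assumption: threshold chosen for this example


def _pattern(text):
    # Assumption: blanks in the listed strings may be NUL or space
    # separators in the file, so accept either byte between tokens.
    tokens = (re.escape(t.encode("ascii")) for t in text.split(" "))
    return re.compile(rb"[\x00 ]".join(tokens))


PATTERNS = [_pattern(s) for s in SLAYER_STRINGS]


def tail_hits(data):
    """Return the listed strings found in the last MAX_GROWTH bytes."""
    tail = data[-MAX_GROWTH:]
    return [s for s, p in zip(SLAYER_STRINGS, PATTERNS) if p.search(tail)]


def is_suspect(data):
    # The virus is appended to its host, so a file no larger than the
    # virus body itself cannot be an infected program.
    return len(data) > MIN_BODY and len(tail_hits(data)) >= MIN_HITS


def scan(root):
    """Yield (path, hits) for suspect .COM/.EXE files under root."""
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.upper() in (".COM", ".EXE"):
            data = path.read_bytes()
            if is_suspect(data):
                yield path, tail_hits(data)


if __name__ == "__main__":
    for path, hits in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: {len(hits)} of {len(SLAYER_STRINGS)} listed strings in tail")
```

       A hit is a lead for one of the scanners listed under Detection 
       Method to confirm; Slayer-A, -B and -E are not covered because the 
       entry gives no strings for them. 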
