Appelscha Virus

 Virus Name:  Appelscha 
 V Status:    New 
 Discovery:   July, 1994 
 Symptoms:    .COM & .EXE growth; system hangs; 
              possible file date/time changes; 
              decrease in total system & available free memory 
 Origin:      Unknown 
 Eff Length:  2,161 Bytes 
 Type Code:   PRtA - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  F-Prot, IBMAV, AVTK, ViruScan, Sweep, 
                    NAVDX, VAlert, NAV, 
                    AVTK/N, Sweep/N, IBMAV/N, NShld, NAV/N 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Appelscha virus was submitted in July, 1994.  Its origin or point 
       of isolation is unknown.  Appelscha is a memory resident infector of 
       .COM and .EXE files, but not COMMAND.COM. 
       When the first Appelscha infected program is executed, this virus 
       will install itself memory resident at the top of system memory but 
       below the 640K DOS boundary, moving interrupt 12's return.  Total 
       system and available free memory, as indicated by the DOS CHKDSK 
       program, will have decreased by 2,480 bytes.  Interrupt 21 will be 
       hooked by the virus in memory. 
       Once the Appelscha virus is memory resident, it will infect .COM and 
       .EXE files when they are executed.  Infected files will have a file 
       length increase of 2,161 bytes with the virus being located at the 
       end of the file.  The program's date and time in the DOS disk 
       directory listing will not be altered.  The following text string is 
       encrypted within the viral code: 
       The Appelscha virus will occassionally reinfect a previously infected 
       file, adding an additional 2,161 bytes to the file's length. 
       System hangs may occur when infected programs are executed.  The 
       virus will also occassionally change the file date and time in the 
       DOS disk directory listing when it infects or reinfects files. 

Show viruses from discovered during that infect .

Main Page