Solano 2000 Virus


 Virus Name:  Solano 2000 
 Aliases:     Dyslexia 2.01, Solano 
 V Status:    Rare 
 Discovered:  March, 1990 
 Symptoms:    .COM growth; TSR; unusual file errors 
 Origin:      California, United States 
 Eff Length:  2,000 Bytes 
 Type Code:   PRsC - Resident Parasitic .COM Infector 
 Detection Method:  ViruScan, F-Prot, AVTK, Sweep, IBMAV, PCScan, 
                    NAV, NAVDX, VAlert, ChAV, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Solano 2000 virus was first isolated in Solano County, 
       California in mid-March 1990 by Edward Winters.  The virus may also 
       be known by the name Dyslexia virus V2.01, which can be produced by 
       negating some null-terminated bytes within the viral code.  Using
       the same technique, what appears to be the creation date of the
       virus, 08FEB90, can be produced.  The strings produced by negating
       these bytes were determined by Jay Parangalan of Solano County.
       The Solano 2000 virus is a generic .COM file infector.  The first
       time an infected .COM file is executed on the system, the virus
       installs itself memory resident, then proceeds to infect every
       .COM file that is executed.  Infected
       programs can be manually identified by using a sector editor to 
       view the file.  Bytes 1168 through 1952 will consist of '(' or 28h 
       characters. 
 
       Some programs, such as DISKCOPY.COM, which is included on all DOS
       diskettes, will not run after being infected with this virus;
       instead, an "invalid drive specification" message will be
       displayed.  This message is not in the viral code, but results from
       an error condition induced by the virus's presence.  The
       virus-induced error occurring with the DiskCopy program was how the
       virus was first spotted and eventually isolated.
 
       When Solano is memory resident, it will take up 3K of RAM.
 
       The Solano 2000 virus does no apparent system damage; however, it
       does check the video buffer occasionally, and may transpose numbers
       if they are found in certain locations.  This effect, however, was
       not experienced on the author's system in researching this virus.
       There have also been reports that instead of transposing numeric 
       characters, the Solano virus may change color attributes on the 
       display screen when it is active in memory. 
 
       Known variant(s) of Solano 2000 are: 
       Dyslexia 2.00: same as Solano 2000, except that the 28h characters 
                      are now binary zeros.  The attempted transposing of 
                      numeric characters in video memory has also been 
                      slowed down.  The creation date appears to be 
                      22JAN90 instead of 08FEB90. 
       Solano 2000-B: same as Solano 2000, except the 28h characters have 
                      been changed to DAh characters, and are located in 
                      bytes 1168 through 1912 in infected files. 
       Solano D: Similar to the original Solano, this variant has had 
                      its encryption slightly altered in order to avoid 
                      detection.  The 28h characters have also been changed 
                      to 00h characters. 
       Subliminal 1.10: A very early version of the Solano 2000 virus, 
                      this variant infects any .COM programs which are 
                      executed after the virus has become memory resident. 
                      Infected programs will have a file length increase of 
                      1,496 bytes.  With the virus memory resident, the 
                      system monitor will appear to flicker.  What is 
                      occurring is that the virus is attempting to flash 
                      the message "LOVE, REMEMBER?" in the lower left 
                      portion of the display for a subliminal duration. 
                      The actual amount of time the message displays on the 
                      screen varies due to CPU speed differences. 
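
The manual sector-editor check described above, and the filler bytes listed for the variants, can be automated. The following is an added example, not part of the original entry or of any scanner it names; it assumes the quoted byte offsets count from the start of the infected file and that the 00h variants use the same range as Solano 2000, and `classify` and `make_sample` are hypothetical names.

```python
# Added example: heuristic check for the filler-byte run this entry describes.
# Assumption: "bytes 1168 through 1952" are offsets from the start of the
# infected file; both 0-based and 1-based readings are tried.

RUN_START = 1168

# (filler byte, last offset of run) -> name, values taken from the entry.
# The range for the 00h variants is assumed to match Solano 2000's.
SIGNATURES = {
    (0x28, 1952): "Solano 2000",
    (0xDA, 1912): "Solano 2000-B",
    (0x00, 1952): "Dyslexia 2.00 or Solano D",  # zero runs also occur in clean files
}

def run_length(data: bytes, start: int) -> int:
    """Length of the run of identical bytes beginning at data[start]."""
    if start >= len(data):
        return 0
    end = start
    while end < len(data) and data[end] == data[start]:
        end += 1
    return end - start

def classify(data: bytes):
    """Return the variant whose filler run matches, or None."""
    for base in (0, 1):  # 0-based, then 1-based reading of the offsets
        start = RUN_START - base
        if start >= len(data):
            continue
        for (filler, last), name in SIGNATURES.items():
            needed = last - RUN_START + 1
            if data[start] == filler and run_length(data, start) >= needed:
                return name
    return None

def make_sample(filler: int, last: int, size: int = 2100) -> bytes:
    """Constructed test buffer (not a real sample): 90h padding plus a filler run."""
    buf = bytearray(b"\x90" * size)
    buf[RUN_START:last + 1] = bytes([filler]) * (last - RUN_START + 1)
    return bytes(buf)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, classify(fh.read()) or "no filler run found")
```

A match on the 00h signature alone is weak evidence, since long zero runs are common in uninfected files; treat it as a prompt for closer inspection rather than a verdict.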
