Sov Virus


 Virus Name:  Sov 
 Aliases:     Leningrad, Sov-545, Sov-602 
 V Status:    Rare 
 Discovered:  December, 1991 
 Symptoms:    .COM file growth 
 Origin:      Unknown 
 Eff Length:  See Below 
 Type Code:   PNCK - Parasitic Non-Resident .COM Infector 
 Detection Method:  ViruScan, Sweep, AVTK, PCScan, ChAV, 
                    F-Prot, NAV, IBMAV, NAVDX, VAlert, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
  
 General Comments: 
       The Sov virus is actually two viruses received in December, 1991. 
       Their origin is unknown.  Both viruses are non-resident, direct 
       action infectors of .COM programs, including COMMAND.COM.  Since 
       their characteristics are similar, they will be described jointly 
       as Sov, with their differences noted under variants below. 
 
       When a Sov infected program is executed, the Sov virus will infect 
       one .COM file located in the current directory.  If COMMAND.COM 
       is located in this directory, it may become infected.  Sov infected 
       programs will have a file length increase which depends on which 
       of the viruses is present (see below).  The virus will be located 
       at the end of the file.  There will be no change to the file's 
       date and time in the DOS disk directory listing. 
 
       It is unknown if the Sov viruses do anything besides replicate. 
 
       Known Sov viruses are: 
       Sov-545: One of the two Sov viruses received in December, 1991, 
                this variant adds 545 to 599 bytes to the files it 
                infects.  The following text strings will be found in the 
                viral code in infected files: 
                "*.COM" 
                "PATH=" 
                "That could be a crash, crash, crash" 
       Sov-602: One of the two Sov viruses received in December, 1991, 
                this variant adds 602 to 616 bytes to the files it 
                infects.  The following text strings will be found in the 
                viral code in infected files: 
                "*.COM" 
                "PATH=" 
 
       See:   Leningrad II 

Show viruses from discovered during that infect .

Main Page