Sterculius Virus
Virus Name: Sterculius
Aliases: Sterculius.280, Sterculius I
V Status: Rare
Discovered: February, 1994
Symptoms: .COM file growth
Origin: Unknown
Eff Length: 280 Bytes
Type Code: PRaCK - Parasitic Resident .COM Infector
Detection Method: F-Prot, ViruScan, AVTK, IBMAV, Sweep, NAV, NAVDX, VAlert,
    PCScan, ChAV, NShld, AVTK/N, NProt, Sweep/N, IBMAV/N, NAV/N, LProt,
    Innoc 4.0+
Removal Instructions: Delete infected files
General Comments:

The Sterculius virus was received in February, 1994. Its origin or
point of isolation is unknown. Sterculius is a memory resident
infector of .COM programs, including COMMAND.COM. A later version
of this virus can also infect .EXE programs.

When the first Sterculius infected program is executed, this virus
will install itself memory resident in low allocated system memory,
hooking interrupt 21. Total system and available free memory, as
indicated by the DOS CHKDSK program, will not be changed.

Once the Sterculius virus is memory resident, it will infect .COM
programs when they are executed. Infected programs will have a file
length increase of 280 bytes with the virus being located at the end
of the file. The program's date and time in the DOS disk directory
listing will not be altered. One text string is visible within the
viral code in all infected programs:

    "STERCULIUS"

Known variant(s) of Sterculius are:

Sterculius.240: Received in January, 1995, Sterculius.240 is a
    240 byte variant of the Sterculius virus described above.
    It infects .COM files, including COMMAND.COM, when they
    are executed. Infected files increase in size by 240
    bytes with the virus being located at the end of the file.
    The following text string can be found within the viral
    code in all infected programs:
        "STERCULIUS"
    Origin: Unknown January, 1995.

Sterculius.266: Received in February, 1995, Sterculius.266 is a
    266 byte variant of the Sterculius virus described above.
    It infects .COM files, including COMMAND.COM, when they
    are executed. Infected files increase in size by 266
    bytes with the virus being located at the end of the file.
    No text strings are visible within the viral code. This
    variant may clear the system display, then display a green
    streak which steps across the screen accompanied by beeping.
    Origin: Unknown February, 1995.

Sterculius.428: Similar to the Sterculius.440 variant, this
    variant infects both .COM and .EXE files. Infected
    programs will have a file length increase of 428 bytes with
    the virus being located at the end of the file. The
    program's date and time in the DOS disk directory listing
    will have been updated to the current system date and time
    when infection occurred. The following text string can be
    found within the viral code in all infected programs:
        "STERCULIUS ]["
    Origin: Unknown July, 1995.

Sterculius.440: Also known as Sterculius II, this variant can
    also infect .EXE programs. Infected programs will have
    a file length increase of 440 bytes with the virus being
    located at the end of the file. The program's date and
    time in the DOS disk directory listing will have been
    updated to the current system date and time when infection
    occurred. The following text string can be found within
    the viral code in all infected programs:
        "STERCULIUS ]["
    Origin: Unknown February, 1994.

Sterculius.456: Similar to the Sterculius.440 variant, this
    variant infects both .COM and .EXE files. Infected
    programs will have a file length increase of 456 bytes with
    the virus being located at the end of the file. The
    program's date and time in the DOS disk directory listing
    will not be altered. The following text string can be
    found within the viral code in all infected programs:
        "STERCULIUS ]["
    Origin: Unknown January, 1996.

Sterculius.458: Similar to the Sterculius.456 variant, this
    variant infects both .COM and .EXE files. Infected
    programs will have a file length increase of 458 bytes with
    the virus being located at the end of the file. The
    program's date and time in the DOS disk directory listing
    will have been updated to the current system date and time
    when infection occurred. The following text string can be
    found within the viral code in all infected programs:
        "STERCULIUS ]["
    Origin: Unknown January, 1996.

Sterculius.474: Similar to the Sterculius.456 variant, this
    variant infects both .COM and .EXE files. Infected
    programs will have a file length increase of 474 bytes with
    the virus being located at the end of the file. The
    program's date and time in the DOS disk directory listing
    will not be altered. The following text string can be
    found within the viral code in all infected programs:
        "STERCULIUS ]["
    Origin: Unknown January, 1996.
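
The two indicators this entry gives for each variant (growth at the end of the file and the visible text string) can be combined into a simple triage check. The following is an added example, not part of the original entry or of any scanner listed above; the function names, the baseline_size parameter and the sample bytes are assumptions made for illustration.

```python
# Added example, not part of the original entry. Sizes and strings are taken
# from the entry above; the function names and sample bytes are constructed.
MARK, SUFFIX = b"STERCULIUS", b" ]["

# (name, bytes appended to the host file, text string visible in the viral code)
VARIANTS = [
    ("Sterculius.240", 240, MARK),
    ("Sterculius.266", 266, None),  # entry lists no visible text string
    ("Sterculius.280", 280, MARK),
    ("Sterculius.428", 428, MARK + SUFFIX),
    ("Sterculius.440", 440, MARK + SUFFIX),
    ("Sterculius.456", 456, MARK + SUFFIX),
    ("Sterculius.458", 458, MARK + SUFFIX),
    ("Sterculius.474", 474, MARK + SUFFIX),
]

def tail_markers(data, length):
    """Marker forms lying wholly inside the last `length` bytes of the file."""
    tail, found, i = data[-length:], set(), 0
    while (i := tail.find(MARK, i)) != -1:
        end = i + len(MARK)
        found.add(MARK + SUFFIX if tail[end:end + len(SUFFIX)] == SUFFIX else MARK)
        i = end
    return found

def candidates(data, baseline_size=None):
    """Variants consistent with the file; baseline_size is a known-clean length."""
    growth = None if baseline_size is None else len(data) - baseline_size
    hits = []
    for name, length, marker in VARIANTS:
        if len(data) < length or (growth is not None and growth != length):
            continue
        if marker is None:
            if growth == length:  # size is the only indicator for this variant
                hits.append(name)
        elif marker in tail_markers(data, length):
            hits.append(name)
    return hits

if __name__ == "__main__":
    host = b"\x90" * 1000 + b"\xc3"                           # constructed clean file
    body = (b"\x00" * 5 + MARK + SUFFIX).ljust(440, b"\x00")  # constructed, inert
    print(candidates(host + body))                            # string only
    print(candidates(host + body, baseline_size=len(host)))   # string + growth
```

A string hit without a baseline only narrows the candidates, since the "][" marker is shared by five variants; the growth check against a known-clean size is what separates them, and it is the only indicator available for Sterculius.266.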