Suriv 4.02 Virus

 Virus Name:  Suriv 4.02 
 V Status:    Rare 
 Discovered:  September, 1991 
 Symptoms:    .COM file growth; TSR; programs return user to DOS prompt; 
              boot failures; message 
 Origin:      Ireland 
 Eff Length:  897 Bytes 
 Type Code:   PRsC - Parasitic Resident .COM Infector 
 Detection Method:  ViruScan, Sweep, NAV, AVTK, ChAV, 
                    F-Prot, IBMAV, NAVDX, VAlert, PCScan, 
                    NShld, LProt, Sweep/N, NProt, AVTK/N, NAV/N, IBMAV/N, 
                    Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Suriv 4.02 virus was received from Ireland in September, 1991. 
       Suriv 4.02 is a memory resident infector of .COM files, but not 
       COMMAND.COM.  It activates on April 1st. 
       The first time a program infected with Suriv 4.02 is executed, the 
       virus will install itself memory resident as a low system memory 
       Once Suriv 4.02 is memory resident, it will infect .COM programs 
       when they are executed.  If COMMAND.COM is executed, it will also 
       become infected.  Infected .COM files increase in size by 897 bytes 
       with the virus being located at the beginning of the infected file. 
       The following text strings can be found in all infected files: 
               "Suriv 4.02" 
               "$$TMP.COM APRIL 1ST" 
       The first of these strings, "Suriv 4.02", is the infection marker 
       the virus uses to determine if the file is already infected.  It 
       is located in the fourth through thirteenth bytes of infected 
       Programs infected with Suriv 4.02 will not execute properly.  If 
       the user attempts to execute them, or execute a non infected .COM 
       program with the virus memory resident, the user will be returned 
       to the DOS prompt.  Attempts to boot from disks with an infected 
       COMMAND.COM will result in a boot failure. 
       Suriv 4.02 activates on April 1st, at which time it will display 
       the text string "APRIL 1ST" followed by blanks when the next program 
       is executed after the virus goes memory resident.  A system hang 
       will then occur, requiring the user to reboot the system. 
       See:   Suriv 1.01 

Show viruses from discovered during that infect .

Main Page