Virus Name: Tamanna
V Status: New
Discovered: February, 1994.
Symptoms: .COM & .EXE growth; Read Only Attribute set on files;
decrease in total system & available free memory
Eff Length: 1,857 - 1,872 Bytes
Type Code: PRhAK - Parasitic Resident .COM & .EXE Infector
Detection Method: F-Prot, AVTK, ViruScan, IBMAV, Sweep, NAVDX, NAV,
NShld, AVTK/N, NProt, Sweep/N, IBMAV/N, NAV/N, LProt
Removal Instructions: Delete infected files
The Tamanna virus was received in February, 1994. Its origin or point
of isolation is unknown. Tamanna is a memory resident infector of
.COM and .EXE programs, including COMMAND.COM.
When the first Tamanna infected program is executed, the Tamanna
virus will install itself memory resident at the top of system
memory but below the 640K DOS boundary, hooking interrupts 1C and 21.
Interrupt 12's return will not be moved. Total system and
available free memory, as indicated by the DOS CHKDSK program,
will have decreased by 1,888 bytes.
Once the Tamanna virus is memory resident, it will infect .COM and
.EXE programs when they are executed. Infected programs will have a
file length increase of 1,857 to 1,872 bytes with the virus being
located at the end of the file. The program's date and time in the
DOS disk directory listing will not be altered, but the read only
attribute will be set. The following text strings are encrypted
within the Tamanna viral code in all infected programs:
"Facts need no recognition"
"A silent friend"
"Press T to reconcile with my Wish"
"OK carry on >>"
"File has been modified"
"Standby while rebooting"
It is unknown what Tamanna may do besides replicate.