Tao Cheng Virus
Virus Name: Tao Cheng
Aliases: XIA
V Status: Rare
Discovered: January, 1993.
Symptoms: .COM & .EXE growth; decrease in total system & available free
memory; system hangs; video mode altered; boot failure;
garbage characters written to system display;
unexpected system reboots
Origin: Unknown
Eff Length: 1,295 Bytes
Type Code: PRtAK - Parasitic Resident .COM & .EXE Infector
Detection Method: AVTK, F-Prot, Sweep, ViruScan, IBMAV, NAV,
NAVDX, VAlert, PCScan, ChAV,
Sweep/N, NShld, NProt, AVTK/N, NAV/N, IBMAV/N, Innoc
Removal Instructions: Delete infected files
General Comments:

The Tao Cheng virus was submitted in January, 1993. Its origin or
point of isolation is unknown. Tao Cheng is a memory resident
infector of .COM and .EXE programs, including COMMAND.COM.

When the first Tao Cheng infected program is executed, the Tao Cheng
virus will install itself memory resident at the top of system
memory but below the 640K DOS boundary, moving interrupt 12's return.
Total system and available free memory, as indicated by the DOS
CHKDSK program, will have decreased by 3,072 bytes. Interrupt 21
will be hooked by the Tao Cheng virus in memory.

Once the Tao Cheng virus is memory resident, it will infect .COM
and .EXE programs when they are executed. Infected programs will
have a file length increase of 1,295 bytes with the virus being
located at the end of the file. The program's date and time in
the DOS disk directory listing will not be altered. The following
text strings are encrypted within the Tao Cheng viral code:

    "TheDraw COM file Screen Save"
    "Unsupported Video Mode"
    "[Tao Cheng] Tommy Chong"

The author of the "TheDraw" program had nothing to do with the
creation of this virus. The first two strings above are in the
virus due to use of TheDraw to create part of the viral display.

Systems infected with the Tao Cheng virus will experience a number
of symptoms. Frequent system hangs will occur when programs are
executed. These hangs may be accompanied by the display of
colored squares containing random characters on the system monitor.
The system video mode may be switched. Unexpected system reboots
may occur, as well as boot failures once the boot copy of COMMAND.COM
becomes infected. Memory allocation errors may also occur,
accompanied by a message that COMMAND cannot be loaded, and the
system has been halted.
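
The file and memory indicators described above can be checked against a known-clean baseline. The following is an added example, not part of the original entry: it compares two DOS DIR listings and flags .COM/.EXE files that grew by exactly 1,295 bytes with an unchanged date and time, and tests a CHKDSK total for the 3,072 byte shortfall. The DIR line layout and the sample listings are assumptions constructed for illustration.

```python
import re

VIRUS_GROWTH = 1295      # file length increase stated in the entry
RESIDENT_BYTES = 3072    # memory decrease stated in the entry
INFECTABLE = {"COM", "EXE"}

# One file line of a DOS DIR listing: NAME EXT SIZE DATE TIME (assumed layout).
DIR_LINE = re.compile(r"^(?P<name>\S{1,8})\s+(?P<ext>\S{1,3})\s+(?P<size>[\d,]+)\s+"
                      r"(?P<date>\d{2}-\d{2}-\d{2})\s+(?P<time>\d{1,2}:\d{2}[ap])$")

def parse_dir(listing):
    """Map 'NAME.EXT' -> (size, 'date time'); non-file lines are skipped."""
    files = {}
    for line in listing.splitlines():
        m = DIR_LINE.match(line.strip())
        if m:
            size = int(m["size"].replace(",", ""))
            files[f"{m['name']}.{m['ext']}".upper()] = (size, f"{m['date']} {m['time']}")
    return files

def suspect_files(baseline, current):
    """Executables that grew by 1,295 bytes while keeping their timestamp."""
    old, new = parse_dir(baseline), parse_dir(current)
    hits = []
    for name, (size, stamp) in sorted(new.items()):
        if name.rsplit(".", 1)[-1] not in INFECTABLE or name not in old:
            continue
        old_size, old_stamp = old[name]
        if size - old_size == VIRUS_GROWTH and stamp == old_stamp:
            hits.append(name)
    return hits

def memory_matches(expected_total, reported_total):
    """True when CHKDSK total memory is short by exactly 3,072 bytes."""
    return expected_total - reported_total == RESIDENT_BYTES

# Constructed sample listings (not taken from a real system).
BASELINE = """\
COMMAND  COM     47845 04-09-91   5:00a
README   TXT      1200 01-02-93  10:15a
EDIT     COM       413 04-09-91   5:00a
"""
CURRENT = """\
COMMAND  COM     49140 04-09-91   5:00a
README   TXT      2495 01-02-93  10:15a
EDIT     COM      1708 01-20-93   3:30p
"""

if __name__ == "__main__":
    print(suspect_files(BASELINE, CURRENT), memory_matches(655360, 652288))
```

A size and timestamp match is only a lead for further scanning; the baseline listing must come from a boot with known-clean media.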