Virus Name: Tomato
V Status: Rare
Discovery: August, 1992
Symptoms: .COM & .EXE file growth; system hangs; unusual error messages
Eff Length: 2,156 - 2,171 Bytes
Type Code: PRhAK - Parasitic Resident .COM & .EXE Infector
Detection Method: ViruScan, F-Prot, Sweep, AVTK, IBMAV, NAV, NAVDX, VAlert,
ChAV, NShld, Sweep/N, NProt, AVTK/N, IBMAV/N, Innoc, NAV/N
Removal Instructions: Delete infected files

The Tomato virus was received in August, 1992. Its origin or
point of isolation is unknown. Tomato is a memory resident
infector of .COM and .EXE programs, including COMMAND.COM.

The first time a program infected with the Tomato virus is
executed, the Tomato virus will install itself memory resident
at the top of system memory but below the 640K DOS boundary.
Total system and available free memory, as indicated by the
DOS CHKDSK program, will have decreased by 2,736 bytes.
Interrupts 09, 13, and 28 will be hooked by Tomato in memory.

Once the Tomato virus is memory resident, it will occasionally
infect .COM and .EXE programs when they are executed. If
COMMAND.COM is executed, it may become infected. Programs
infected with the Tomato virus will have a file length increase
of 2,156 to 2,171 bytes with the virus being located at the
end of the file. The program's date and time in the DOS disk
directory listing will not be altered.

The following text strings are visible within the Tomato virus'
code in infected programs:
"Praise the tomato! God save the tomato"
"Big tomato is watching you Big Tomato says:"
"Fighting for peace"
"is like fucking for virginity TOMATO says:"
"the pope suffers from AIDS Big Tomato says:"
"NO MERCY have you ever danced with the devil"
"under the red light of a big tomato ?"
"pray for your disks . . . Call McAfee (408) 988-3832"
"if you experience problems with this new virus"
"from Tomato Systems Inc ...."
"\VIRUS \DOS *.EXE *.COM COMMAND.COM tomato.tmp"

Systems infected with the Tomato virus may experience system
hangs or unusual error messages when programs are executed.
For example, the DOS CHKDSK program will get the message
"Cannot CHKDSK a Network drive" when it is executed even though
it is not on a networked system.
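
A defender-side check built from two indicators in this entry (the virus body sits at the end of the file, and its text strings are visible there), added here as an example and not taken from the entry or from any scanner it names. The function names, the choice of string fragments, the assumption that they are stored as plain ASCII, and the two-fragment threshold are all assumptions of this example.

```python
import os
import tempfile

# Longest infection length the entry reports; the virus body is at end of file.
MAX_VIRUS_LEN = 2171
# Fragments of the strings quoted in the entry. Assumption: stored as plain
# ASCII, as the entry's "visible within the code" implies.
MARKERS = [b"praise the tomato", b"big tomato is watching you",
           b"tomato systems inc", b"tomato.tmp"]
MIN_HITS = 2  # assumption: require two fragments to cut false positives

def tail_markers(path, window=MAX_VIRUS_LEN):
    """Return the marker fragments found in the last `window` bytes of path."""
    size = os.path.getsize(path)
    with open(path, "rb") as fh:
        fh.seek(max(0, size - window))
        tail = fh.read().lower()
    return [m for m in MARKERS if m in tail]

def scan_tree(root):
    """Map each suspect .COM/.EXE path under root to the fragments it matched."""
    suspects = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".com", ".exe")):
                path = os.path.join(dirpath, name)
                hits = tail_markers(path)
                if len(hits) >= MIN_HITS:
                    suspects[path] = hits
    return suspects

def build_demo(root):
    """Write constructed sample files: one clean, one with marker text appended."""
    clean = os.path.join(root, "CLEAN.COM")
    tagged = os.path.join(root, "TAGGED.EXE")
    with open(clean, "wb") as fh:
        fh.write(b"\x90" * 4096)
    with open(tagged, "wb") as fh:
        # Inert filler plus two of the quoted strings; this is not virus code.
        fh.write(b"\x90" * 4096 + b"\x00" * 2000
                 + b"Praise the tomato!\x00tomato.tmp\x00")
    return clean, tagged

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo(tmp)
        for path, hits in scan_tree(tmp).items():
            print(path, [h.decode() for h in hits])
```

A match only flags a file for follow-up with one of the listed scanners; because the entry notes that date and time stamps are not altered, timestamps cannot be used to rule a file out.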