422 Overwriting Virus
Virus Name: 422 Overwriting
V Status: Rare
Discovery: March, 1993
Symptoms: .COM files corrupted; file date/time changes; TSR;
DOS DIR command output not correct; programs fail to function
Eff Length: 422 Bytes Overwriting
Type Code: PRsC - Overwriting Resident .COM Infector
Detection Method: F-Prot, Sweep, AVTK, ViruScan, IBMAV, NAV,
NAVDX, VAlert, PCScan, ChAV,
Sweep/N, NShld, AVTK/N, NProt, IBMAV/N, NAV/N, Innoc,
Removal Instructions: Delete infected files
The 422 Overwriting virus was submitted in March, 1993. Its origin
or point of isolation is unknown. 422 Overwriting is a memory
resident overwriting virus which infects .COM programs, but not
When the first 422 Overwriting infected program is executed, this
virus will install itself memory resident as a low system memory
TSR of approximately 1,120 bytes. Interrupt 21 will be hooked
by the virus in memory.
Once the 422 Overwriting virus is memory resident, it will infect
one .COM program each time a DOS DIR command is executed. The
command output of the DOS DIR command will also be affected, usually
with one .COM file name being repeated multiple times.
Programs infected with the 422 Overwriting virus will not have any
file length increase as the virus will overwrite 422 bytes located
somewhere in the middle of the host file. The one exception is that
files which were originally smaller than the virus itself will
become over 65K bytes in size after infection. The file's date and
time in the DOS disk directory will have been updated to the current
system date and time when infection occurred. No text strings are
visible within the viral code.
Programs infected with the 422 Overwriting virus will not function
properly when executed.