Troi Virus

 Virus Name:  Troi 
 V Status:    Rare 
 Discovered:  March, 1992 
 Symptoms:    .COM file growth; file date/time altered; output files may 
              not be written to disk; keyboard input characters may not 
 Origin:      Michigan, United States 
 Eff Length:  322 Bytes 
 Type Code:   PRaCK - Parasitic Resident .COM Infector 
 Detection Method:  ViruScan, AVTK, F-Prot, PCScan, ChAV, 
                    Sweep, IBMAV, VAlert, NAV, NAVDX, 
                    NShld, Sweep/N, NProt, AVTK/N, IBMAV/N, Innoc, LProt, 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Troi virus was isolated in the state of Michigan in the United 
       States in March, 1992.  This virus is a memory resident infector 
       of .COM files, including COMMAND.COM. 
       The first time a program infected with the Troi virus is executed, 
       this virus will install itself memory resident in available free 
       memory, hooking interrupt 21 directly in the interrupt table.  There 
       will be no change to total system and available free memory as 
       indicated by the DOS CHKDSK program. 
       After the Troi virus has become memory resident, it will infect 
       .COM programs when they are executed.  If COMMAND.COM is executed, 
       it will become infected.  Programs infected with the Troi virus 
       will have a file length increase of 322 bytes with the virus being 
       located at the end of the file.  The program's date and time in 
       the DOS disk directory will have been altered, though not to the 
       current system date.  The following text string appears in the Troi 
       virus's code within infected programs: 
               "The Troi Virus" 
       Systems infected with the Troi virus may notice that occassionally 
       characters typed on the system keyboard may not appear on the system 
       display, or that output files which should be written to disk will 
       not actually be written to the disk. 
       Known variant(s) of Troi are: 
       Troi-2: Simultaneously isolated in Finland and Australia in 
               May, 1992, this variant of Troi will only infect programs 
               after May 19, 1992.  It infects .EXE programs when they 
               are executed, adding 512 bytes to the end of the infected 
               file.  The program's date and time will not be altered in 
               the DOS disk directory listing.  One text string occurs in 
               the viral code in infected programs: 
               ">>>-Troi Two -->" 
               The virus may occassionally remap the keyboard when it is 
               memory resident. 
               Origin:  Unknown  May, 1992. 
       Troi-2B: Functionally equivalent to Troi-2, Troi-2B is a very 
               minor variant. 
               Origin:  Unknown  July, 1992. 
       Troi-2C: Functionally equivalent to Troi-2, Troi-2C is a very 
               minor variant. 
               Origin:  Unknown  February, 1993. 

Show viruses from discovered during that infect .

Main Page