Trooper Virus

 Virus Name:  Trooper 
 Aliases:     Trooper.2259 
 V Status:    New 
 Discovered:  December, 1996 
 Symptoms:    .COM & .EXE growth; file date time decades = "5"; 
              decrease in available free memory; 
              DOS CHKDSK "Invalid drive specification" error 
 Origin:      Hungary 
 Eff Length:  2,259 - 2,273 Bytes 
 Type Code:   PRhAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  NAV, NAVDX, AVTK, ViruScan 3.02+, 
                    NAV/N, AVTK/N 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Trooper virus was received in December, 1996, and is originally 
       from Hungary.  The virus is a memory resident infector of .COM and 
       .EXE files, including COMMAND.COM. 
       When the first Trooper infected program is executed, this virus will 
       install itself memory resident at the top of system memory but below 
       the 640K DOS boundary, not moving interrupt 12's return.  Available 
       free memory will have decreased by approximately 3,408 bytes. 
       Interrupt 21 will be hooked by the virus in memory. 
       Once the Trooper virus is memory resident, it will infect .COM and 
       .EXE files, including COMMAND.COM, when they are executed.  Infected 
       programs will have a file length increase of 2,259 to 2,273 bytes 
       with the virus being located at the end of the file.  The file's 
       date and time in the DOS disk directory listing will have been 
       altered so that the decades field of the year will be "5".  The 
       following text strings are visible within the viral code: 
           "TROOPER V1.0 Hungary-7500EXECOMCLIPPERCOMSPEC" 
       This virus will interfer with the execution of the DOS CHKDSK 
       program from DOS 5.0.  Attempts to run CHKDSK with the virus 
       memory resident will result in an "Invalid drive specification" 
       error message being displayed. 

Show viruses from discovered during that infect .

Main Page