Yafo Virus


 Virus Name:  Yafo 
 Aliases:     Mog, Macabi 
 V Status:    Rare 
 Discovered:  May, 1992 
 Symptoms:    .COM file growth; file date/time changed to 2-15-91 12:00a; 
              message displayed 
 Origin:      Unknown 
 Eff Length:  328 Bytes 
 Type Code:   PNCK - Parasitic Non-Resident .COM Infector 
 Detection Method:  ViruScan, Sweep, F-Prot, AVTK, ChAV, 
                    IBMAV, NAV, NAVDX, VAlert, PCScan, 
                    NShld, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N, 
                    LProt 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Yafo, or Mog, virus was submitted in May, 1992.  Its origin or 
       point of isolation is unknown.  Yafo is a non-resident, direct 
       action infector of .COM programs, including COMMAND.COM. 
 
       When a program infected with the Yafo virus is executed, the Yafo 
       virus will infect all .COM programs located in the current directory. 
       If COMMAND.COM is located in this directory, it will be infected. 
       Once the virus has infected all of the .COM files in the directory, 
       it will display the following message and then the host program will 
       continue to execute: 
 
               "Maccabi Yafo Alufa !!!" 
 
       Programs infected with the Yafo virus will have a file length 
       increase of 328 bytes with the virus being located at the end of the 
       file.  The file's date and time in the DOS disk directory listing 
       will have been altered to 2-15-91 12:00a.  The message displayed by 
       the virus is not visible within the viral code in infected programs 
       as it is encrypted.  One text string is visible within the viral 
       code in infected programs: 
 
               "*.COM" 
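
       The indicators listed in this entry can be combined into a triage
       check for .COM files. The following is an added example, not part
       of the original entry and not any scanner's signature. Assumptions:
       the function names are hypothetical, and the file's modification
       time still carries the DOS local-time stamp.

```python
from datetime import datetime
from pathlib import Path

VIRUS_LEN = 328               # effective length given in the entry
STAMP = (1991, 2, 15, 0, 0)   # 2-15-91 12:00a as shown in a directory listing
MARKER = b"*.COM"             # the one plaintext string in the viral code


def yafo_indicators(data: bytes, mtime: datetime) -> dict:
    """Evaluate the two file-level indicators from the entry.

    The entry places the virus at the end of the file, so the marker is
    only searched for in the final 328 bytes. A file that is not longer
    than 328 bytes cannot be a host plus the appended code.
    """
    tail = data[-VIRUS_LEN:] if len(data) > VIRUS_LEN else b""
    stamp = (mtime.year, mtime.month, mtime.day, mtime.hour, mtime.minute)
    return {"stamp": stamp == STAMP, "marker_in_tail": MARKER in tail}


def is_suspect(data: bytes, mtime: datetime) -> bool:
    """Heuristic only: both indicators must match before a file is flagged."""
    return all(yafo_indicators(data, mtime).values())


def scan_directory(directory) -> list:
    """Return names of .COM files in one directory that match both indicators."""
    suspects = []
    for path in sorted(Path(directory).iterdir()):
        if path.is_file() and path.suffix.upper() == ".COM":
            mtime = datetime.fromtimestamp(path.stat().st_mtime)  # local time
            if is_suspect(path.read_bytes(), mtime):
                suspects.append(path.name)
    return suspects


if __name__ == "__main__":
    import sys
    for name in scan_directory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("matches Yafo indicators:", name)
```

       A match is a reason to compare the file against a known-good copy;
       copying a file between systems can reset its timestamp, so a miss
       does not clear it.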
