Zombie Virus


 Virus Name:  Zombie 
 Aliases:    
 V Status:    New 
 Discovered:  July, 1993 
 Symptoms:    .COM file growth; possible hard disk corruption; 
              decrease in total system & available free memory 
 Origin:      Denmark 
 Eff Length:  747 Bytes 
 Type Code:   PRhC - Parasitic Resident .COM Infector 
 Detection Method:  ViruScan, AVTK, F-Prot, IBMAV, Sweep, NAVDX, 
                    NAV, VAlert, PCScan, 
                    NShld, AVTK/N, NProt, Sweep/N, IBMAV/N, NAV/N, Innoc 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Zombie virus was received in July, 1993.  It is originally from 
       Denmark.  Zombie is a memory resident infector of .COM programs, but 
       not COMMAND.COM.  In advanced infections, hard disk corruption may 
       occur. 
 
       When the first Zombie infected program is executed, this virus will 
       install itself memory resident at the top of system memory but below 
       the 640K DOS boundary, not moving interrupt 12's return.  Total 
       system and available free memory, as indicated by the DOS CHKDSK 
       program, will have decreased by 768 bytes.  Interrupt 21 will be 
       hooked by the virus in memory. 
 
       Once the Zombie virus is memory resident, it will infect .COM 
       programs, other than those with an "M" as the 3rd or 4th character 
       of the file name, when they are executed.  Infected programs will 
       have a file length increase of 747 bytes with the virus being 
       located at the end of the program.  The file's date and time in the 
       DOS disk directory listing will not be altered.  The following text 
       string is visible within the viral code in all Zombie infected 
       programs: 
 
               "Zombie - Danish woodoo hackers (14AUG91)" 
 
       After the 16th generation of the Zombie virus, this virus will 
       write to the system hard disk, possibly resulting in hard disk 
       corruption.  The sectors overwritten are Side 0, Cylinder 0, 
       Sectors 2 through 4. 

Show viruses from discovered during that infect .

Main Page