Virus Name: Baclab
Aliases: Baclab.2138, Crawber.2138, NTU.T4
V Status: In The Wild
Discovery: July, 1996
Symptoms: .EXE file growth; decrease in available free memory;
          DOS CHKDSK file allocation errors;
          file date/time seconds = "30"
Eff Length: 2,138 - 2,152 Bytes
Type Code: PRhE - Parasitic Resident .EXE Infector
Detection Method: F-Prot, AVTK, IBMAV, ViruScan, PCScan,
                  NAV, NAVDX, ChAV,
                  Innoc, NProt, AVTK/N, IBMAV/N, LProt
Removal Instructions: Delete infected files

The Baclab, Baclab.2138, Crawber.2138, or NTU.T4 virus was received in
July, 1996. Its origin or point of isolation is unknown. This
virus has been reported to be "in the wild" by several anti-viral
researchers as of July, 1996. Baclab is a memory resident, size
stealthing virus which infects .EXE files, though not very small

When the first Baclab infected program is executed, this virus will
install itself memory resident at the top of system memory but below
the 640K DOS boundary, not moving interrupt 12's return. Available
free memory, as indicated by the DOS CHKDSK program from DOS 5.0,
will have decreased by 2,560 bytes. No interrupts will be mapped
by memory mapping utilities to the virus in memory.

Once the Baclab virus is memory resident, it will infect .EXE files
when they are executed. Infected files will have a file length
increase of 2,138 to 2,152 bytes with the virus being located at
the end of the file. The program's date and time in the DOS disk
directory listing will not appear to be altered, though the seconds
field will have been set to "30". The following text strings are
encrypted within the viral code:

    "T4 virion ------- by NTU BACTERIOPHAGE LAB"
    "There Once Was A King, Who Called For The Spring"
    "For His World Was Still Covered In Snow"
    "But The Spring Had Not Been, For He Was Wicked And Mean ..."
    "Here I'm Sitting And It's Getting Cold"
    "The Morning Rains Against My Window Pane"
    "While The World Looks So Cold And Grey"
    "In My Mind I Dream Away"
    "Then I'm On My Way To Tropic Islands"
    "You'd Always Say I Was A Dreamer"
    "You Were Right"
    "What Do I Say When It's All Over ?"
    "And SORRY Seems To Be The Hardest Word ..."

It is unknown what the Baclab virus does besides replicate.
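
An added example (not part of the original entry) that turns the timestamp marker described above into a triage check: it decodes the 16-bit time word of raw FAT directory entries and lists live .EXE files whose seconds field is 30. The directory bytes, file names and helper names are constructed for illustration; 30 is also a legitimate seconds value, so a hit is a lead to confirm with a scanner, not proof of infection.

```python
import struct

ENTRY = struct.Struct("<8s3sB10sHHHI")   # standard 32-byte FAT directory entry
MARKER_SECONDS = 30                      # seconds value reported in the entry above

def make_entry(name, ext, hh, mm, ss, size, attr=0x20):
    """Build one constructed directory entry (sample data, not from a real disk)."""
    time = (hh << 11) | (mm << 5) | (ss // 2)      # DOS stores seconds as ss/2
    date = ((1996 - 1980) << 9) | (7 << 5) | 15    # 1996-07-15
    return ENTRY.pack(name.ljust(8).encode(), ext.ljust(3).encode(),
                      attr, b"\0" * 10, time, date, 2, size)

def parse_entries(raw):
    """Yield (filename, seconds, size) for each live file entry."""
    for off in range(0, len(raw) - ENTRY.size + 1, ENTRY.size):
        name, ext, attr, _, time, _date, _clus, size = ENTRY.unpack_from(raw, off)
        if name[0] == 0x00:                  # end-of-directory marker
            break
        if name[0] == 0xE5 or attr & 0x18:   # deleted, volume label or subdirectory
            continue
        fname = name.decode("ascii", "replace").rstrip()
        fext = ext.decode("ascii", "replace").rstrip()
        yield (f"{fname}.{fext}" if fext else fname, (time & 0x1F) * 2, size)

def flag_suspects(raw):
    """Return names of .EXE files whose seconds field equals the marker."""
    return [n for n, secs, _ in parse_entries(raw)
            if n.upper().endswith(".EXE") and secs == MARKER_SECONDS]

# Constructed sample directory: one marked .EXE, one clean .EXE, a non-.EXE
# with seconds = 30, a deleted entry, the end marker, and a stale entry after it.
deleted = b"\xe5" + make_entry("OLD", "EXE", 8, 0, 30, 9000)[1:]
SAMPLE_DIR = b"".join([
    make_entry("EDIT", "EXE", 12, 0, 30, 40000),
    make_entry("CHKDSK", "EXE", 9, 15, 12, 16200),
    make_entry("README", "TXT", 10, 10, 30, 512),
    deleted,
    bytes(32),
    make_entry("AFTER", "EXE", 1, 1, 30, 100),
])

if __name__ == "__main__":
    print(flag_suspects(SAMPLE_DIR))
```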