Bad Sectors 1.2 Virus


 Virus Name:  Bad Sectors 1.2 
 Aliases:     Bad Sectors 
 V Status:    Rare 
 Discovery:   June, 1993 
 Symptoms:    .COM & .EXE growth; slow system response; file corruption; 
              decrease in total system & available free memory 
 Origin:      Unknown 
 Eff Length:  3,430 - 3,443 Bytes 
 Type Code:   PRtAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  ViruScan, F-Prot, IBMAV, AVTK, Sweep, 
                    NAV, NAVDX, VAlert, PCScan, ChAV, 
                    NShld, NProt, IBMAV/N, AVTK/N, Sweep/N, Innoc, NAV/N, 
                    LProt 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Bad Sectors 1.2 virus was received in June, 1993.  Its origin 
       or point of isolation is unknown.  This virus is a memory resident 
       infector of .COM and .EXE programs, including COMMAND.COM.  It 
       displays some stealth characteristics, though it is not a full 
       stealth virus. 
 
       When the first Bad Sectors 1.2 infected program is executed, this 
       virus will install itself memory resident at the top of system 
       memory but below the 640K DOS boundary, lowering the memory size 
       returned by interrupt 12.  Total system and available free memory, 
       as indicated by the DOS CHKDSK program, will have decreased by 
       5,120 bytes.  Interrupts 08, 16, 21, 25, and 26 will be hooked by 
       the virus in memory. 
 
       Once memory resident, the Bad Sectors 1.2 virus will infect .COM and 
       .EXE programs when they are executed.  It will also infect one .COM 
       or .EXE program in the directory being accessed each time a DOS DIR 
       command is issued. 
 
       Bad Sectors 1.2 infected programs will have a file length increase 
       of 3,430 to 3,443 bytes with the virus being located at the end of 
       the file.  This file length increase, however, will be hidden when 
       the virus is memory resident.  The file's date and time in the DOS 
       disk directory listing will not be altered.  The following text 
       strings are visible within the viral code in all Bad Sectors 1.2 
       infected programs: 
 
               "BadSectors 1.2" 
               "COMEXE" 
               "*.*" 
 
       Systems infected with this virus will experience sluggish or slow 
       response time, particularly with regard to the DOS DIR command. 
       Random file corruption may also occur. 
 
       Known variant(s) of Bad Sectors 1.2 are: 
       Bad Sectors.3422: Received in February, 1995, this variant's size 
           in memory is also 5,120 bytes, hooking interrupts 08, 16, 21, 25, 
           and 26.  It infects .COM and .EXE files, including COMMAND.COM, 
           when they are opened or when a DOS DIR command is issued. 
           Infected programs will have a file length increase of 3,422 to 
           3,436 bytes with the virus being located at the end of the file. 
           The program's date and time in the DOS disk directory listing 
           will not be altered.  The following text strings are visible 
           within the viral code in all infected programs: 
               "BadSectors 1.1" 
               "COMEXE" 
               "SCAN" 
               "*.*" 
           Origin:  Unknown  February, 1995. 
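
The text strings and end-of-file placement described above, for both Bad Sectors 1.2 and the Bad Sectors.3422 variant, can be used as a triage check. The following is an added example, not part of the original entry or of any listed scanner: the function names are hypothetical, the sample data is constructed, and string matching is only a heuristic, not a replacement for the listed detection products.

```python
import os

# Strings the page lists as visible in every infected program, per variant,
# with the smallest and largest file growth the page gives (bytes).
SIGNATURES = {
    "Bad Sectors 1.2": ((b"BadSectors 1.2", b"COMEXE", b"*.*"), 3430, 3443),
    "Bad Sectors.3422": ((b"BadSectors 1.1", b"COMEXE", b"SCAN", b"*.*"), 3422, 3436),
}

def classify(data):
    """Return the variant whose strings all sit in the appended tail, else None."""
    for name, (strings, min_growth, max_growth) in SIGNATURES.items():
        if len(data) <= min_growth:      # too small to be host + virus body
            continue
        tail = data[-max_growth:]        # the virus is located at the end of the file
        if all(s in tail for s in strings):
            return name
    return None

def scan_tree(root):
    """Check every .COM/.EXE under root; return {path: variant} for matches.

    Read files from an offline copy or a clean boot: the page notes that the
    resident virus hides the length increase (partial stealth).
    """
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if not fname.lower().endswith((".com", ".exe")):
                continue
            path = os.path.join(dirpath, fname)
            with open(path, "rb") as fh:
                verdict = classify(fh.read())
            if verdict:
                hits[path] = verdict
    return hits

def constructed_sample(host, variant):
    """Build a harmless stand-in: host bytes + zero padding holding the strings."""
    strings, min_growth, _max = SIGNATURES[variant]
    return host + b"\x00".join(strings).ljust(min_growth, b"\x00")

if __name__ == "__main__":
    host = b"\x90" * 200 + b"\xc3"       # constructed placeholder host program
    print(classify(host))
    print(classify(constructed_sample(host, "Bad Sectors.3422")))
```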
