Badsec Virus


 Virus Name:  Badsec 
 Aliases:     905, Backfont 
 V Status:    Rare 
 Discovery:   February, 1992 
 Symptoms:    .EXE file growth; decrease in system and available free 
              memory; bad sectors or lost clusters; unexpected accesses to 
              other than current drive; system hangs 
 Origin:      Unknown 
 Eff Length:  765 Bytes 
 Type Code:   PRhE - Parasitic Resident .EXE Infector 
 Detection Method:  AVTK, Sweep, ViruScan, F-Prot, ChAV, 
                    NAV, IBMAV, NAVDX, VAlert, PCScan, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Badsec virus was received in February, 1992.  Its origin or 
       point of isolation is unknown.  Badsec is a memory resident infector 
       of .EXE programs. 
 
       The first time a program infected with the Badsec virus is executed, 
       this virus will install itself memory resident at the top of system 
       memory but below the 640K DOS boundary.  It does not move interrupt 
       12's return.  Total system and available free memory, as indicated 
       by the DOS CHKDSK program, will have decreased by 4,384 bytes. 
       Interrupt 21 will be hooked by the virus. 
 
       Once the Badsec virus is memory resident, it will infect .EXE 
       programs when they are executed.  Infected programs will have a 
       file length increase of 765 bytes, with the virus being located at 
       the end of the file.  The program's date and time in the DOS disk 
       directory listing will not be altered. 
 
       Systems infected with the Badsec virus may notice that occassionally 
       the system will access drives other than the current drive 
       unexpectedly.  When these accesses occur, a bad sector or a lost 
       cluster may result, hence the virus' name.  System hangs may also 
       occur at this time as well. 
 
       Topsy-900: Received in July, 1992, Topsy-900 is based on the 
                  Badsec virus described above.  It is from the USSR. 
                  Topsy-900 becomes memory resident when the first infected 
                  program is executed, installing itself memory resident 
                  at the top of system memory but below the 640K DOS 
                  boundary.  Total system memory will have decreased by 
                  2,736 to 5,472 bytes, and interrupt 21 will be hooked 
                  by the virus.  Once resident, Topsy-900 may infect .EXE 
                  programs when executed, though it does this somewhat 
                  sporatically.  Infected programs will have a file length 
                  increase of 900 bytes with the virus being located at the 
                  end of the file. 
                  Origin:  USSR  July, 1992. 
 
       See:  BackFont-896

Show viruses from discovered during that infect .

Main Page