Virus Name: Beware
V Status: Rare
Discovery: January, 1992
Symptoms: .COM file growth; disk corruption
Origin: Moscow, USSR
Eff Length: 442 Bytes
Type Code: PNC - Parasitic Non-Resident .COM Infector
Detection Method: Sweep, ViruScan, F-Prot, NAV, AVTK, IBMAV,
NAVDX, VAlert, PCScan, ChAV,
NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N,
Removal Instructions: Delete infected files

The Beware virus was received in January, 1992. It appears to have
originated from Moscow. Beware is a non-resident, direct action
infector of .COM programs. It does not infect COMMAND.COM.

When a program infected with the Beware virus is executed, the
virus searches the current directory for an uninfected .COM file,
other than COMMAND.COM, that is larger than approximately 2K in size.
If one is found, the Beware virus will infect it.

Programs infected with the Beware virus will have a file length
increase of 442 bytes. The virus will be located at the end of the
infected program. The file's date and time in the DOS disk directory
listing are not altered. The following text strings can be found
within the viral code in all Beware infected programs:

    "BEWARE ME - 0.01,"
    "Copr (c) DarkGraveSoft - Moscow 1990"

The Beware virus activates on the first Monday of any month, at which
time it will overwrite sectors on the current drive.
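
A check for the indicators described above, written as an added example that is not part of the original entry: it looks for both text strings in the last 442 bytes of each .COM file and tests whether a date is the first Monday of a month. The function names, the sample file names and the decision to leave the trailing comma out of the first string are assumptions, and the sample files are constructed from inert padding plus the two strings.

```python
import datetime
import pathlib
import tempfile

VIRUS_LENGTH = 442  # bytes appended to the end of each infected .COM file
# Text strings the entry lists; the trailing comma printed after the first
# string is treated as listing punctuation (assumption) and is not matched.
SIGNATURES = (b"BEWARE ME - 0.01", b"Copr (c) DarkGraveSoft - Moscow 1990")


def tail_has_signatures(path):
    """True if both strings occur in the last VIRUS_LENGTH bytes of the file."""
    data = pathlib.Path(path).read_bytes()
    tail = data[-VIRUS_LENGTH:]
    return len(data) > VIRUS_LENGTH and all(sig in tail for sig in SIGNATURES)


def scan_directory(root):
    """Return sorted names of .COM files under root whose tail matches."""
    hits = []
    for p in pathlib.Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() == ".com" and tail_has_signatures(p):
            hits.append(p.name)
    return sorted(hits)


def is_activation_day(day):
    """First Monday of a month: a Monday whose day-of-month is 1..7."""
    return day.weekday() == 0 and day.day <= 7


def build_sample_tree(root):
    """Constructed sample files: inert padding plus the text strings only."""
    root = pathlib.Path(root)
    host = b"\x90" * 2100  # stand-in for a host program over 2K
    marker = SIGNATURES[0] + b"\x00" + SIGNATURES[1]
    tail = marker + b"\x00" * (VIRUS_LENGTH - len(marker))
    (root / "CLEAN.COM").write_bytes(host)
    (root / "marked.com").write_bytes(host + tail)
    # Strings present but not in the final 442 bytes: not the appended layout.
    (root / "README.COM").write_bytes(marker + host)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(scan_directory(build_sample_tree(d)))
    print(is_activation_day(datetime.date.today()))
```

Because the file's date and time are left unchanged, a directory listing sorted by timestamp will not reveal an infection; the 442-byte growth and the strings in the file tail are the indicators to check.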