Beware Virus


 Virus Name:  Beware 
 Aliases:    
 V Status:    Rare 
 Discovery:   January, 1992 
 Symptoms:    .COM file growth; disk corruption 
 Origin:      Moscow, USSR 
 Eff Length:  442 Bytes 
 Type Code:   PNC - Parasitic Non-Resident .COM Infector 
 Detection Method:  Sweep, ViruScan, F-Prot, NAV, AVTK, IBMAV, 
                    NAVDX, VAlert, PCScan, ChAV, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Beware virus was received in January, 1992.  It appears to have 
       originated from Moscow.  Beware is a non-resident, direct action 
       infector of .COM programs.  It does not infect COMMAND.COM. 
 
       When a program infected with the Beware virus is executed, the 
       Beware virus will search the current directory for an uninfected 
       .COM file other than COMMAND.COM over approximately 2K in size to 
       infect.  If it is found, the Beware virus will infect it. 
 
       Programs infected with the Beware virus will have a file length 
       increase of 442 bytes.  The virus will be located at the end of the 
       infected program.  The file's date and time in the DOS disk directory 
       listing will not have been altered.  The following text strings 
       can be found within the viral code in all Beware infected programs: 
 
               "BEWARE ME - 0.01," 
               "Copr (c) DarkGraveSoft - Moscow 1990" 
 
       The Beware virus activates on the first Monday of any month, at which 
       time it will overwrite sectors on the current drive.

Show viruses from discovered during that infect .

Main Page