Black Hawk Virus


 Virus Name:  Black Hawk 
 Aliases:    
 V Status:    New 
 Discovery:   December, 1994 
 Symptoms:    .COM file growth; file date/time seconds = "62"; 
              beeping on December 25th; 
              decrease in total system & available free memory 
 Origin:      United States 
 Eff Length:  826 Bytes 
 Type Code:   PRhCK - Parasitic Resident .COM Infector 
 Detection Method:  ViruScan, F-Prot, AVTK, IBMAV, NAV, Sweep, 
                    NAVDX, VAlert, ChAV, PCScan, 
                    IBMAV/N, NShld, AVTK/N, Sweep/N, NAV/N, NProt, Innoc 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Black Hawk virus was received in December, 1994, and is from the 
       United States.  Black Hawk is a memory resident infector of .COM 
       files, including COMMAND.COM.  It activates when the virus becomes 
       memory resident on December 25th of any year, at which time it will 
       emit beeping on the system speaker. 
 
       When the first Black Hawk infected program is executed, this virus 
       will install itself memory resident at the top of system memory but 
       below the 640K DOS boundary, not moving interrupt 12's return.  Total 
       system and available free memory, as indicated by the DOS CHKDSK 
       program from DOS 3.30, will have decreased by 18,416 bytes.  Interrupt 
       21 will be hooked by the virus in memory. 
 
       Once the Black Hawk virus is memory resident, it will infect .COM 
       programs when they are executed.  Infected programs will have a file 
       length increase of 826 bytes with the virus being located at the end 
       of the file.  The program's date and time in the DOS disk directory 
       listing will not appear to be altered, though the seconds field will 
       have been set to "62", the infection marker for the virus.  The 
       following text string is encrypted within the viral code: 
 
               "[NuKE] N.R.L.G. AZRAEL" 
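
The seconds marker described above can be checked directly in raw FAT directory data: the 16-bit time word stores seconds in 2-second units in its low 5 bits, so a field value of 31 decodes to "62", and a DIR listing that prints only hours and minutes does not show it. The following Python sketch is an added example, not part of the original entry; the function names and the sample directory are constructed for illustration.

```python
import struct

MARKER_SECONDS = 62  # infection marker given in the entry above

def decode_dos_time(word):
    """Split a 16-bit FAT time word into (hours, minutes, seconds)."""
    return (word >> 11) & 0x1F, (word >> 5) & 0x3F, (word & 0x1F) * 2

def parse_dir_entries(data):
    """Yield (filename, size, (h, m, s)) for each file entry in a raw FAT directory."""
    for off in range(0, len(data) - 31, 32):
        entry = data[off:off + 32]
        if entry[0] == 0x00:          # end-of-directory marker
            break
        if entry[0] == 0xE5 or entry[11] & 0x18:  # deleted, volume label or subdirectory
            continue
        name = entry[0:8].decode("ascii", "replace").rstrip()
        ext = entry[8:11].decode("ascii", "replace").rstrip()
        (time_word,) = struct.unpack_from("<H", entry, 22)
        (size,) = struct.unpack_from("<I", entry, 28)
        yield (name + "." + ext if ext else name), size, decode_dos_time(time_word)

def flag_marked_com_files(data):
    """Return .COM entries whose seconds field decodes to the marker value."""
    hits = []
    for fname, size, (h, m, s) in parse_dir_entries(data):
        if fname.upper().endswith(".COM") and s == MARKER_SECONDS:
            hits.append((fname, size, "%02d:%02d:%02d" % (h, m, s)))
    return hits

def _entry(name, ext, h, m, sec_field, size, attr=0x20):
    """Build one constructed 32-byte directory entry for the sample below."""
    e = bytearray(32)
    e[0:8] = name.ljust(8).encode("ascii")
    e[8:11] = ext.ljust(3).encode("ascii")
    e[11] = attr
    struct.pack_into("<H", e, 22, (h << 11) | (m << 5) | sec_field)
    struct.pack_into("<I", e, 28, size)
    return bytes(e)

SAMPLE_DIR = b"".join([  # constructed sample: names, times and sizes are made up
    _entry("COMMAND", "COM", 12, 0, 31, 26133),   # seconds field 31 -> 62: flagged
    _entry("EDIT", "COM", 9, 30, 15, 4100),       # seconds 30: normal
    _entry("NOTES", "TXT", 8, 15, 31, 512),       # 62 seconds but not a .COM file
    bytes(32),                                    # end-of-directory marker
])

if __name__ == "__main__":
    print(flag_marked_com_files(SAMPLE_DIR))
```

A seconds value of 62 is only an indicator: any program that writes an out-of-range time stamp produces the same reading, so flagged files still need confirmation with a scanner.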
  
