Blaze Virus


 Virus Name:  Blaze 
 Aliases:    
 V Status:    Viron 
 Discovery:   April, 1992 
 Symptoms:    .COM & .EXE program corruption; file date/time changes; TSR; 
              message; boot failure 
 Origin:      Unknown 
 Eff Length:  284 Bytes 
 Type Code:   ORsAK - Overwriting Resident .COM & .EXE Infector 
 Detection Method:  Sweep, F-Prot, IBMAV, NAV, AVTK, ViruScan, 
                    NAVDX, VAlert, PCScan, ChAV, 
                    NShld, Sweep/N, LProt, Innoc, NProt, AVTK/N, IBMAV/N, 
                    NAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Blaze virus was submitted in April, 1992.  Its origin is 
       unknown.  Blaze is a memory resident direct action infector of .COM 
       and .EXE programs, including COMMAND.COM. 
 
       When a program infected with the Blaze virus is executed, this 
       virus will infect the first two .COM and first two .EXE programs 
       located in the current directory.  If COMMAND.COM is located in 
       this directory, it may become infected.  After it has infected 
       these programs, it will install a low system memory TSR of 
       65,584 bytes.  The following message will then be displayed: 
 
               "The Eternal Blaze Virus has been unleashed...Beware!" 
               "[JD]" 
 
       Programs infected with the Blaze virus will have the first 284 
       bytes of the host program overwritten with the Blaze viral code. 
       The message indicated above can be found in infected programs. 
       There will be no change to the file's length in the DOS disk 
       directory listing, but the file's date and time will have been 
       updated to the current system date and time when infection 
       occurred. 
 
       Since the Blaze virus overwrites the beginning of the host 
       program, infected programs cannot be disinfected.  They must be 
       replaced with uninfected backup copies. 
 
       Systems infected with the Blaze virus may fail to boot.  This 
       occurs once COMMAND.COM has become infected. 
 
       Known variant(s) of Blaze are: 
       MSK: The MSK, or Midnight Serial Killer, virus is a 252 byte 
            variant of the Blaze virus.  It infects the first three .EXE 
            files in the current directory when an infected program is 
            executed, as well as overwriting the C: drive boot sector. 
            Infected programs will have the first 252 bytes overwritten 
            by the MSK viral code.  The infected file's date and time 
            in the DOS disk directory will be updated to the current 
            system date/time.  The following text strings are visible 
            within the viral code in infected programs: 
            "The Midnight Serial Killer is roaming in your computer..." 
            "Beware!" 
            "[JD]" 
            "*.exe" 
            The first text string above may be displayed when infected 
            programs are executed. 
            Origin:  Unknown  July, 1992.

Show viruses from discovered during that infect .

Main Page