Virus Name: Blaze
V Status: Viron
Discovery: April, 1992
Symptoms: .COM & .EXE program corruption; file date/time changes; TSR;
message; boot failure
Eff Length: 284 Bytes
Type Code: ORsAK - Overwriting Resident .COM & .EXE Infector
Detection Method: Sweep, F-Prot, IBMAV, NAV, AVTK, ViruScan,
NAVDX, VAlert, PCScan, ChAV,
NShld, Sweep/N, LProt, Innoc, NProt, AVTK/N, IBMAV/N,
Removal Instructions: Delete infected files
The Blaze virus was submitted in April, 1992. Its origin is
unknown. Blaze is a memory resident direct action infector of .COM
and .EXE programs, including COMMAND.COM.
When a program infected with the Blaze virus is executed, this
virus will infect the first two .COM and first two .EXE programs
located in the current directory. If COMMAND.COM is located in
this directory, it may become infected. After it has infected
these programs, it will install a low system memory TSR of
65,584 bytes. The following message will then be displayed:
"The Eternal Blaze Virus has been unleashed...Beware!"
Programs infected with the Blaze virus will have the first 284
bytes of the host program overwritten with the Blaze viral code.
The message indicated above can be found in infected programs.
There will be no change to the file's length in the DOS disk
directory listing, but the file's date and time will have been
updated to the current system date and time when infection
Since the Blaze virus overwrites the beginning of the host
program, infected programs cannot be disinfected. They must be
replaced with uninfected backup copies.
Systems infected with the Blaze virus may fail to boot. This
occurs once COMMAND.COM has become infected.
Known variant(s) of Blaze are:
MSK: The MSK, or Midnight Serial Killer, virus is a 252 byte
variant of the Blaze virus. It infects the first three .EXE
files in the current directory when an infected program is
executed, as well as overwriting the C: drive boot sector.
Infected programs will have the first 252 bytes overwritten
by the MSK viral code. The infected file's date and time
in the DOS disk directory will be updated to the current
system date/time. The following text strings are visible
within the viral code in infected programs:
"The Midnight Serial Killer is roaming in your computer..."
The first text string above may be displayed when infected
programs are executed.
Origin: Unknown July, 1992.