Blinker Virus


 Virus Name:  Blinker 
 Aliases:     Blinker-496, Prague.Blinker 
 V Status:    Rare 
 Discovery:   November, 1991 
 Symptoms:    .COM file growth; decrease in total system and available 
              free memory; spurious error messages 
 Origin:      Prague, Czechoslovakia 
 Eff Length:  512 Bytes 
 Type Code:   PRhCK - Parasitic Resident .COM Infector 
 Detection Method:  ViruScan, Sweep, AVTK, F-Prot, ChAV, 
                    NAV, IBMAV, NAVDX, VAlert, PCScan, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Blinker virus was submitted in November, 1991.  It originated in 
       Prague, Czechoslovakia.  Blinker is a memory resident infector of 
       .COM programs, including COMMAND.COM.  It is based on the BackTime 
       virus, and anti-viral programs may identify it as such. 
 
       The first time a program infected with Blinker is executed, the 
       Blinker virus will install itself memory resident at the top of 
       system memory but below the 640K DOS boundary.  Total system and 
       available free memory, as indicated by the DOS CHKDSK program, will 
       have decreased by 528 bytes.  Interrupts 08 and 21 will be hooked 
       by Blinker in memory.  Interrupt 12's return will not have been 
       moved. 
 
       After Blinker is memory resident, it will infect any .COM program 
       which is executed.  If COMMAND.COM is executed, it will become 
       infected as well.  Blinker infected programs will have a file 
       length increase of 512 bytes.  The virus will be located at the 
       end of the infected file.  There will be no change to the file's 
       date and time in the DOS disk directory. 
 
       It is unknown what Blinker does besides replicate. 
 
       Known variant(s) of Blinker are: 
       Blinker-496: Blinker-496 is a 496 byte variant of the Blinker 
               virus described above.  It contains the text string "Joker". 
               Systems infected with this variant may receive the following 
               error meesages for no apparent reason when the virus is 
               memory resident, both of which require a response from the 
               system user to abort, retry, ignore, or fail: 
 
               "Bad command  error reading device CON" 
               "Bad command  error writing device CON" 
 
       See:   BackTime   Shaker 

Show viruses from discovered during that infect .

Main Page