Virus Name: Brainy
V Status: Rare
Discovery: November, 1991
Symptoms: .COM file growth; decrease in total system & available
free memory; system hangs
Eff Length: 768 - 1,531 Bytes
Type Code: PRsCK - Parasitic Resident .COM Infector
Detection Method: AVTK, Sweep, F-Prot, NAV, ViruScan, IBMAV, NAVDX,
VAlert, PCScan, ChAV,
NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, NAV/N,
Removal Instructions: Delete infected files
The Brainy virus was received in November, 1991. It is originally
from Bulgaria. Brainy is a memory resident infector of .COM
programs, including COMMAND.COM. It is based on the Warrior virus.
The first time a program infected with Brainy is executed, the
Brainy virus will install itself memory resident at the top of
system memory but below the 640K DOS boundary. Interrupt 21 will
be hooked by the Brainy virus. Interrupt 12's return will not have
been moved. Total system and available free memory, as indicated
by the DOS CHKDSK program, will have decreased by 1,552 bytes.
After the Brainy virus has installed itself memory resident, it will
infect all .COM programs which are executed, including COMMAND.COM.
Infected programs will have a file length increase of 768 to
1,531 bytes. Unlike most viruses, the Brainy virus will have
inserted itself into the file, possibly in the middle. The following
text string can be found at the end of the viral code in all
Brainy infected programs:
Brainy infected programs will usually not execute properly on a
386 based processor, and may hang the system.
It is unknown if Brainy does anything besides replicate.