Virus Name: Bryansk
V Status: Rare
Discovery: November, 1992
Symptoms: .COM file growth; message; Read-Only attribute set
Eff Length: 673 Bytes
Type Code: PNCK - Parasitic Non-Resident .COM Infector
Detection Method: AVTK, F-Prot, ViruScan, Sweep, IBMAV,
NAV, NAVDX, VAlert, PCScan, ChAV,
NShld, Sweep/N, NProt, AVTK/N, NAV/N, IBMAV/N, Innoc,
Removal Instructions: Delete infected files
The Bryansk virus was submitted in November, 1992. It is originally
from the USSR. Bryansk is a non-resident, direct action infector of
.COM programs, including COMMAND.COM.
When a program infected with the Bryansk virus is executed, the
Bryansk virus will check the current system date and time. If it is
not a Friday before 15:00 (3:00PM), the virus will infect one .COM
program located in the current directory. If an uninfected .COM
file cannot be found in the current directory, it will move upward
in the directory structure searching for a .COM program to infect
until it reaches the root directory.
Programs infected with the Bryansk virus will have a file length
increase of 673 bytes. The virus will be located at the end of the
infected file. The program's date and time in the DOS disk directory
listing will not be altered. The following text string can be found
within the viral code in all Bryansk infected programs:
"BRYANSK 1992, BITE 0.01 (C)"
On any Friday before 15:00 (3:00PM), the Bryansk virus will not
infect files, instead it will set the Read-Only attribute on for
files using the file specification "*.*".