Bryansk Virus


 Virus Name:  Bryansk 
 Aliases:    
 V Status:    Rare 
 Discovery:   November, 1992 
 Symptoms:    .COM file growth; message; Read-Only attribute set 
 Origin:      USSR 
 Eff Length:  673 Bytes 
 Type Code:   PNCK - Parasitic Non-Resident .COM Infector 
 Detection Method:  AVTK, F-Prot, ViruScan, Sweep, IBMAV, 
                    NAV, NAVDX, VAlert, PCScan, ChAV, 
                    NShld, Sweep/N, NProt, AVTK/N, NAV/N, IBMAV/N, Innoc, 
                    LProt 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Bryansk virus was submitted in November, 1992.  It is originally 
       from the USSR.  Bryansk is a non-resident, direct action infector of 
       .COM programs, including COMMAND.COM. 
 
       When a program infected with the Bryansk virus is executed, the 
       Bryansk virus will check the current system date and time.  If it is 
       not a Friday before 15:00 (3:00PM), the virus will infect one .COM 
       program located in the current directory.  If an uninfected .COM 
       file cannot be found in the current directory, it will move upward 
       in the directory structure searching for a .COM program to infect 
       until it reaches the root directory. 
 
       Programs infected with the Bryansk virus will have a file length 
       increase of 673 bytes.  The virus will be located at the end of the 
       infected file.  The program's date and time in the DOS disk directory 
       listing will not be altered.  The following text string can be found 
       within the viral code in all Bryansk infected programs: 
 
               "BRYANSK 1992, BITE 0.01 (C)" 
 
       On any Friday before 15:00 (3:00PM), the Bryansk virus will not 
       infect files, instead it will set the Read-Only attribute on for 
       files using the file specification "*.*".

Show viruses from discovered during that infect .

Main Page