Virus Name: Budo
V Status: Viron
Discovery: October, 1992
Symptoms: .COM & .EXE file corruption; programs fail to execute
Eff Length: 890 Bytes
Type Code: ONA - Overwriting Non-Resident .COM & .EXE Infector
Detection Method: ViruScan, Sweep, AVTK, F-Prot, IBMAV,
NAV, NAVDX, VAlert, PCScan, ChAV,
NShld, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N
Removal Instructions: Delete infected files
The Budo virus was submitted from Finland in October, 1992. Budo
is a non-resident, direct action overwriting virus which infects
.COM and .EXE programs, but not COMMAND.COM.
When a program infected with the Budo virus is executed, this virus
may infect one .COM or .EXE program located in the current directory.
The user is then returned to the DOS prompt. Infected programs will
have the first 890 bytes overwritten by the Budo viral code. Unless
the original host program was smaller than 890 bytes, there will be
no increase in file size. In the case of programs which were
smaller than 890 bytes, they will become 890 bytes in length. The
program's date and time in the DOS disk directory listing will not
be altered. The following text strings can be found within the
"BUDO V1.2 TH‘HV FINLAND PQ"
"FLOW LIKE A RIVER - STRIKE LIKE THUNDER"
Budo destroys the programs it infects, and infected programs must
be replaced from clean, uninfected backups.
Known variant(s) of Budo are:
Budo.1000: Received in July, 1994, Budo.1000 is a memory resident,
1,000 byte variant of the Budo virus described above. When
the first infected program is executed, it installs itself
memory resident as a low system memory TSR of 1,232 bytes,
hooking interrupts 21 and 22. Once resident, it may infect
.COM programs when they are executed, overwriting the first
1,000 bytes. The program's date and time in the DOS disk
directory listing will not be altered. The following text
strings are visible within the viral code in all infected
"BUDO V1.0 April/92"
"T‘H & HV Finland"
"Flow like a river - strike like a thunder"
"Incorrect DOS version"
Origin: Finland July, 1994.