Burglar Virus

 Virus Name:  Burglar 
 Aliases:     Burglar.1150 
 V Status:    New 
 Discovery:   January, 1996 
 Symptoms:    .EXE file growth; decrease in available free memory; 
              file date/time seconds = "58"; 
              DOS CHKDSK file allocation errors 
 Origin:      Unknown 
 Eff Length:  1,150 Bytes 
 Type Code:   PRhE - Parasitic Resident .EXE Infector 
 Detection Method:  ViruScan, NAV, NAVDX, AVTK, IBMAV, F-Prot, PCScan, 
                    NShld, NAV/N, AVTK/N, IBMAV/N, Innoc 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Burglar or Burglar.1150 virus was received in January, 1996, and 
       is reported to be in the wild in North America.  Burglar is a memory 
       resident infector of .EXE files which exhibits some stealth 
       When the first Burglar infected program is executed, this virus will 
       install itself memory resident at the top of system memory but below 
       the 640K DOS boundary, not moving interrupt 12's return.  Available 
       free memory, as indicated by the DOS CHKDSK program from DOS 5.0, 
       will have decreased by 1,376 bytes.  Interrupt 21 will be hooked by 
       the virus in memory. 
       Once the Burglar virus is memory resident, it may infect .EXE files 
       when they are executed, opened, or copied, though it does not infect 
       all .EXE files.  Programs infected with the Burglar virus will have 
       a file length increase of 1,150 bytes, though this file length 
       increase will be hidden when the virus is memory resident.  The 
       file's date and time in the DOS disk directory listing will not 
       appear to be altered, though the seconds field will have been set to 
       "58".  The following text strings are visible within the viral code 
       in all infected files: 
           "AT THE GRAVE OF GRANDMA...." 
       The DOS CHKDSK program will indicate file allocation errors on all 
       infected files when this virus is memory resident. 

Show viruses from discovered during that infect .

Main Page