Capitall Virus


 Virus Name:  Capitall 
 Aliases: 
 V Status:    Rare 
 Discovery:   July, 1992 
 Symptoms:    .COM file growth; TSR 
 Origin:      Poland 
 Eff Length:  927 Bytes 
 Type Code:   PRsCK - Parasitic Resident .COM Infector 
 Detection Method:  F-Prot, Sweep, ViruScan, IBMAV, AVTK, NAV, NAVDX, 
                    VAlert, PCScan, ChAV, 
                    NShld, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N, 
                    LProt 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Capitall virus was received from Poland in July, 1992.  This 
       virus is a memory resident infector of .COM programs, including 
       COMMAND.COM.  It uses an encryption mechanism similar to that 
       used by the Cascade virus, so it is possible some anti-viral 
       utilities will identify it as Cascade. 
 
       When a program infected with the Capitall virus is executed, this 
       virus will install itself memory resident as a low system memory 
       TSR of approximately 1,952 bytes.  Interrupts 1C, 21, and 28 will be 
       hooked by Capitall in memory. 
 
       Once the Capitall virus is memory resident, it will infect .COM 
       programs when they are executed.  If COMMAND.COM is executed, it 
       will become infected.  Programs infected with the Capitall virus 
       will have a file length increase of 927 bytes with the virus being 
       located at the end of the infected file.  The program's date and 
       time in the DOS disk directory listing will not be altered. 
 
       It is unknown what Capitall may do besides replicate.

Show viruses from discovered during that infect .

Main Page