Cara Virus

 Virus Name:  Cara 
 V Status:    Rare 
 Discovery:   August, 1991 
 Symptoms:    .COM growth; TSR; boot sector altered; decrease in total 
              system and available free memory 
 Origin:      Spain 
 Eff Length:  1,025 Bytes 
 Type Code:   PRsCK - Parasitic Resident .COM Infector 
 Detection Method:  ViruScan, Sweep, AVTK, NAV, IBMAV, 
                    F-Prot, NAVDX, VAlert, PCScan, ChAV, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Cara virus was received in September, 1991.  It is originally 
       from Spain.  Cara is a memory resident infector of .COM files, 
       including COMMAND.COM.  It also alters boot sectors, though the 
       boot sectors do not contain a live virus. 
       The first time a program infected with Cara is executed, Cara will 
       become memory resident at the top of system memory but below the 
       640K DOS boundary.  Total system and available free memory will 
       decrease by 3,048 bytes.  Interrupts 13 and 21 will be hooked by 
       the Cara virus in memory.  At this time, Cara will also infect 
       COMMAND.COM if it was not previously infected, and alter the 
       current drive's boot sector by overwriting it. 
       Once Cara is memory resident, it will infect .COM files when they 
       are opened or executed.  Infected .COM files increase in length 
       by 1,025 bytes with the virus being located at the end of infected 
       files.  There will be no change in the file's date and time in the 
       DOS disk directory. 
       Programs infected with Cara will have the text string "CARA" located 
       in the fifth thru eighth bytes of the infected files.  This string 
       is the marker used by the virus to determine if the file is 
       already infected.  Other text strings which can be found near the 
       end of infected files are: 
               "Virus es en memoria! 
                Disco es infectado. Reemplaza "Boot". 
       CARA's overwriting of the disk boot sector is an attempt to 
       disinfect boot sector viruses by providing a new boot sector. 

Show viruses from discovered during that infect .

Main Page