Career Of Evil Virus


 Virus Name:  Career Of Evil 
 Aliases:     Career Of Evil-446 
 V Status:    Rare 
 Discovery:   July, 1993 
 Symptoms:    .COM & .SYS file growth; DOS CHKDSK file allocation errors 
              decrease in total system and available free memory 
 Origin:      Unknown 
 Eff Length:  446 Bytes 
 Type Code:   PRhCK - Parasitic Resident .COM Infector 
 Detection Method:  AVTK, NAV, ViruScan, IBMAV, F-Prot, NAVDX, 
                    VAlert, PCScan, ChAV, 
                    NShld, NProt, Sweep/N, NAV/N, AVTK/N, IBMAV/N, Innoc, 
                    LProt 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Career Of Evil, or Career Of Evil-446, virus was received in 
       July, 1993.  Its origin or point of isolation is unknown.  Career 
       Of Evil is a memory resident virus which uses some stealth 
       techniques to avoid detection and spread quickly to files.  It 
       infects .COM programs, including COMMAND.COM, as well as .SYS files. 
 
       When the first Career of Evil infected program is executed, this 
       virus will install itself memory resident at the top of system 
       memory but below the 640K DOS boundary, hooking interrupt 21. 
       Total system and available free memory, as indicated by the DOS 
       CHKDSK program, will have decreased by 704 bytes.  Interrupt 12's 
       return will not be moved. 
 
       Once the Career of Evil virus is memory resident, it will infect 
       .COM and .SYS programs when they are executed or opened for any 
       reason.  Infected programs will have a file length increase of 
       446 bytes with the virus being located at the end of the file. 
       The file length increase, however, will be hidden when the virus 
       is memory resident.  The program's date and time in the DOS disk 
       directory listing will not be altered.  The text string "UK" can be 
       found starting in the fourth byte of all infected programs.  The 
       following text string is visible within the viral code located at 
       the end of infected programs: 
 
               "tenUKCareer of Evil" 
 
       When the Career Of Evil virus is memory resident, the DOS CHKDSK 
       program will return file allocation errors on all infected programs. 
 
       Known variant(s) of Career of Evil are: 
       Career Of Evil-697: A 697 byte variant of the Career Of Evil 
                virus described above, this variant's size in memory is 
                960 bytes, hooking interrupt 21.  It infects .COM and .SYS 
                files when they are executed or opened for any reason. 
                Infected programs will have a file length increase of 697 
                bytes though this file length increase will be hidden when 
                the virus is memory resident.  The virus will be located 
                at the end of the file.  The program's date and time in the 
                DOS disk directory listing will not be altered.  The same 
                text strings appear in this variant as the original virus. 
                DOS CHKDSK file allocation errors will also occur on 
                infected programs when the virus is memory resident. 
                Origin:  Unknown  July, 1993

Show viruses from discovered during that infect .

Main Page