Cartuja Virus

 Virus Name:  Cartuja 
 V Status:    Rare 
 Discovery:   June, 1993 
 Symptoms:    .COM & .EXE growth; system hangs; 
              decrease in total system & available free memory 
 Origin:      Unknown 
 Eff Length:  1,568 - 1,600 Bytes 
 Type Code:   PRhAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  ViruScan, F-Prot, IBMAV, Sweep, AVTK, NAV, 
                    NAVDX, VAlert, ChAV, 
                    NShld, NProt, Sweep/N, AVTK/N, IBMAV/N, NAV/N, Innoc 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Cartuja virus was submitted in June, 1993.  Its origin or point 
       of isolation is unknown.  Cartuja is a memory resident infector of 
       .COM and .EXE programs, including COMMAND.COM. 
       When the first Cartuja infected program is executed, the Cartuja 
       virus will install itself memory resident at the top of system 
       memory but below the 640K DOS boundary, hooking interrupt 21.  Total 
       system and available free memory, as indicated by the DOS CHKDSK 
       program, will have decreased by 60,704 bytes.  Interrupt 12's return 
       will not have been moved. 
       Once the Cartuja virus is memory resident, it may infect .COM and 
       .EXE programs when they are executed, though it doesn't always 
       infect the file.  As a result, it may take several executions of a 
       particular .COM or .EXE program before the file becomes infected. 
       Programs infected with the Cartuja virus will have a file length 
       increase of 1,568 to 1,600 bytes with the virus being located at the 
       end of the file.  The program's date and time in the DOS disk 
       directory listing will not be altered.  The following text string 
       appears within the viral code in all Cartuja infected programs: 
               "Frz G" 
       Frequent system hangs may occur when Cartuja infected programs are 
       executed.  The damage potential for this virus is unknown. 
       See:  Estepa 

Show viruses from discovered during that infect .

Main Page