Chile Mediera Virus


 Virus Name:  Chile Mediera 
 Aliases:    
 V Status:    Rare 
 Discovery:   June, 1993 
 Symptoms:    .COM & .EXE file growth; system hangs; deletes AV programs; 
              decrease in total system & available free memory 
 Origin:      Chile 
 Eff Length:  1,527 Bytes 
 Type Code:   PRhAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  ViruScan, F-Prot, AVTK, IBMAV, Sweep, NAV, 
                    NAVDX, VAlert, PCScan, ChAV, 
                    Sweep/N, AVTK/N, NProt, NAV/N, IBMAV/N, Innoc, NShld, 
                    LProt 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Chile Mediera virus was submitted in June, 1993, and appears to 
       be from Chile.  Chile Mediera is a memory resident infector of .COM 
       and .EXE programs, including COMMAND.COM.  It interfers with the 
       functioning of several anti-viral packages by deleting or erasing 
       the anti-viral program's file(s). 
 
       When the first Chile Mediera infected program is executed, this 
       virus will install itself memory resident at the top of system 
       memory but below the 640K DOS boundary, hooking interrupt 21.  Total 
       system and available free memory, as indicated by the DOS CHKDSK 
       program, will have decreased by 2,000 bytes.  Interrupt 12's return 
       will not have been moved.  Also at this time, the virus will infect 
       the copy of COMMAND.COM located in the C: drive root directory if 
       it was not previously infected. 
 
       Once the Chile Mediera virus is memory resident, it will infect 
       .COM and .EXE programs larger than approximately 10K when they are 
       executed or opened for any reason.  Infected .COM and .EXE programs 
       will have a file length increase of 1,527 bytes with the virus 
       being located at the end of the file.  The program's date and time 
       in the DOS disk directory listing will not be altered.  The following 
       text strings are encrypted within the Chile Mediera viral code: 
 
               "CPW fue hecho en Chile en 1992," 
               "VNA CHILE MIERDA!" 
               "C:\COMMAND.COM" 
               "GUARD guard CPAV SCAN CHKVIRUS CLEAN TOOLKIT 
                VSAFE CHKLIST.CPS" 
 
       If the system user attempts to execute one of the anti-viral programs 
       listed in the last line of text strings above with the virus memory 
       resident, the Chile Mediera virus will delete or erase the file 
       from disk.  If the anti-viral program happened to be located on a 
       write-protected diskette, a system hang will result.

Show viruses from discovered during that infect .

Main Page