Close Virus

 Virus Name:  Close 
 V Status:    Rare 
 Discovery:   April, 1992 
 Symptoms:    .EXE file growth; decrease in total system and available free 
              memory; message; boot failure on C: drive 
 Origin:      Unknown 
 Eff Length:  662 - 672 Bytes 
 Type Code:   PRhE - Parasitic Resident .EXE Infector 
 Detection Method:  ViruScan, F-Prot, AVTK, Sweep, IBMAV, 
                    NAV, NAVDX, VAlert, ChAV, PCScan, 
                    NShld, Sweep/N, LProt, Innoc, NProt, IBMAV/N, 
                    AVTK/N, NAV/N 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Close virus was submitted in April, 1992.  Its origin is 
       unknown.  Close is a memory resident infector of .EXE programs 
       which will eventually corrupt one of the system files required 
       to boot the system from the C: drive. 
       The first time a program infected with the Close virus is executed, 
       Close will install itself memory resident at the top of system 
       memory but below the 640K DOS boundary.  Total system and available 
       free memory, as indicated by the DOS CHKDSK program, will have 
       decreased by 784 bytes.  Interrupt 21 will be hooked. 
       Once the Close virus is memory resident, it will infect .EXE 
       programs when they are executed.  Infected programs will have a 
       file length increase of 662 to 672 bytes with the virus being 
       located at the end of the infected file.  The program's date and 
       time in the DOS disk directory listing will not be altered.  Two 
       text strings are visible within the Close virus' code in infected 
               "C:\IO.SYS C:\IBMBIO.COM" 
               "Close .." 
       The Close virus was intermittently activate, at which time it will 
       display the message "Close .." on the system screen and then 
       corrupt either C:\IO.SYS or C:\IBMBIO.COM.  The system will then 
       be hung.  Attempts to reboot the system from the C: drive will 
       fail as one of the hidden system files is corrupted. 
       After disinfecting or replacing all programs infected with the Close 
       virus, the user should replace the hidden system files on the C: 
       drive using the DOS SYS program. 

Show viruses from discovered during that infect .

Main Page