Cmdr Bomber Virus

 Virus Name:  Cmdr Bomber 
 V Status:    Rare 
 Discovery:   May, 1992 
 Symptoms:    .COM file growth; TSR 
 Origin:      Bulgaria 
 Eff Length:  4,096 Bytes 
 Type Code:   PRhC - Parasitic Resident .COM Infector 
 Detection Method:  AVTK, IBMAV, Sweep, F-Prot, NAV, NAVDX, VAlert, 
                    ViruScan, ChAV, 
                    Sweep/N, Innoc, AVTK/N, IBMAV/N, NAV/N, NShld 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Cmdr Bomber virus was submitted in May, 1992.  It originated 
       in Bulgaria, and is believed have been written by the same person 
       whom wrote the Dark Avenger virus.  Cmdr Bomber is unusual in the 
       method in which it infects files, which complicates the detection 
       process for anti-viral programs using certain types of scanning 
       When the first program infected with the Cmdr Bomber virus is 
       executed, the Cmdr Bomber virus will install itself memory resident 
       as a low system memory TSR of 2,752 bytes.  Interrupt 21 will be 
       hooked by the Cmdr Bomber virus in memory. 
       Once the Cmdr Bomber virus is memory resident, it will infect .COM 
       programs other than COMMAND.COM when they are executed.  Infected 
       programs will increase in size by 4,096 bytes.  The beginning of 
       the file will have a number of garbled bytes at the beginning which 
       will result in the execution of the program jumping to a location 
       in the middle of the file where the virus has located its viral 
       code.  In effect, the virus will be located in the middle of the 
       infected .COM file.  The program's date and time in the DOS disk 
       directory listing will not be altered. 
       The following text strings can be found within the viral code in 
       Cmdr Bomber infected programs: 
               "[DAME]  [DAME]" 
       This virus is not related the the Bomber virus which is from 

Show viruses from discovered during that infect .

Main Page