Collor de Mello Virus


 Virus Name:  Collor de Mello 
 Aliases:    
 V Status:    Rare 
 Discovery:   September, 1993 
 Symptoms:    .COM file growth; file date/time seconds = 62 
 Origin:      Unknown 
 Eff Length:  878 Bytes 
 Type Code:   PNCK - Parasitic Non-Resident .COM Infector 
 Detection Method:  ViruScan, AVTK, Sweep, IBMAV, F-Prot, NAVDX, VAlert, 
                    NAV, PCScan, ChAV, 
                    NProt, NShld, AVTK/N, Sweep/N, IBMAV/N, NAV/N, 
                    Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Collor de Mello virus was submitted in September, 1993.  Its 
       origin or point of isolation is unknown.  Collor de Mello is a 
       non-resident, direct action infector of .COM programs, including 
       COMMAND.COM. 
 
       When a program infected with the Collor de Mello virus is executed, 
       this virus will access the system hard disk C: drive and determine 
       if the copy of COMMAND.COM located in the C: drive root directory is 
       infected.  If this copy of COMMAND.COM is not infected, the virus will 
       infect it at this time.  Once the virus has checked, and possibly 
       infected COMMAND.COM, it will go on to infect one other .COM program 
       located on the C: drive. 
 
       Programs infected with the Collor de Mello virus will have a file 
       length increase of 878 bytes with the virus being located at the 
       end of the file.  The program's date and time in the DOS disk 
       directory listing will not appear to be altered, though the seconds 
       field will have been set to "62".  No text strings are visible within 
       the viral code in Collor de Mello infected programs. 
 
       It is unknown what Collor de Mello does besides replicate.

Show viruses from discovered during that infect .

Main Page