CorpLife Virus

 Virus Name:  CorpLife 
 Aliases:     CorpLife.1937 
 V Status:    New 
 Discovery:   July, 1995 
 Symptoms:    .EXE file growth; TSR; file date/time year changed 
 Origin:      North America 
 Eff Length:  1,937 Bytes 
 Type Code:   PRsE - Parasitic Resident .EXE Infector 
 Detection Method: IBMAV, VAlert, AVTK, PCScan, NAV, NAVDX, ViruScan, 
                   AVTK/N, IBMAV/N, NShld, LProt, NAV/N, Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The CorpLife or CorpLife.1937 virus was received in July, 1995.  It 
       appears to be from North America.  CorpLife is a memory resident 
       polymorphic stealth virus which infects .EXE files.  Infected 
       systems with soundblaster cards installed may experience talking 
       or other sounds being emitted from the system speakers. 
       When the first CorpLife infected program is executed, this virus 
       will install itself memory resident as a low system memory TSR 
       of 3,808 bytes, hooking interrupt 21.  Memory mapping utilities 
       may show this TSR as an increase in the size of the last loaded 
       Once the CorpLife virus is memory resident, it will infect .EXE 
       files when they are executed or when a DOS DIR command is issued. 
       Programs infected with the CorpLife virus will have a file length 
       increase of 1,937 bytes, though this file length increase will be 
       hidden when the virus is memory resident.  The virus will be 
       located at the end of the file.  The program's date and time in the 
       DOS disk directory listing will not appear to be altered, though 
       forty years may have been added to the date.  The following text 
       strings are encrypted within the viral code: 
           "-=[$$$ Corporate Life $$$]=- P$" 
           "Fuck Corporat Life." 
       This virus contains code to deactivate the VSafe anti-viral program 
       in memory. 

Show viruses from discovered during that infect .

Main Page