Virus Name: CorpLife
V Status: New
Discovery: July, 1995
Symptoms: .EXE file growth; TSR; file date/time year changed
Origin: North America
Eff Length: 1,937 Bytes
Type Code: PRsE - Parasitic Resident .EXE Infector
Detection Method: IBMAV, VAlert, AVTK, PCScan, NAV, NAVDX, ViruScan,
AVTK/N, IBMAV/N, NShld, LProt, NAV/N, Innoc 4.0+
Removal Instructions: Delete infected files
The CorpLife or CorpLife.1937 virus was received in July, 1995. It
appears to be from North America. CorpLife is a memory resident
polymorphic stealth virus which infects .EXE files. Infected
systems with soundblaster cards installed may experience talking
or other sounds being emitted from the system speakers.
When the first CorpLife infected program is executed, this virus
will install itself memory resident as a low system memory TSR
of 3,808 bytes, hooking interrupt 21. Memory mapping utilities
may show this TSR as an increase in the size of the last loaded
Once the CorpLife virus is memory resident, it will infect .EXE
files when they are executed or when a DOS DIR command is issued.
Programs infected with the CorpLife virus will have a file length
increase of 1,937 bytes, though this file length increase will be
hidden when the virus is memory resident. The virus will be
located at the end of the file. The program's date and time in the
DOS disk directory listing will not appear to be altered, though
forty years may have been added to the date. The following text
strings are encrypted within the viral code:
"-=[$$$ Corporate Life $$$]=- P$"
"Fuck Corporat Life."
This virus contains code to deactivate the VSafe anti-viral program