Cosenza Virus


 Virus Name:  Cosenza 
 Aliases: 
 V Status:    In The Wild 
 Discovery:   July, 1996 
 Symptoms:    .COM & .EXE growth; decrease in available free memory 
 Origin:      Unknown 
 Eff Length:  3,205 - 3,236 Bytes 
 Type Code:   PRhAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  AVTK, NAV, NAVDX, PCScan, ChAV, ViruScan 2.54+, 
                    Innoc, NAV/N, AVTK/N, NShld 2.33+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Cosenza virus was received in July, 1996.  Its origin or point 
       of isolation is unknown, though it has been reported to be "in the 
       wild".  Cosenza is a memory resident infector of .COM and .EXE 
       files, including COMMAND.COM. 
 
       When the first Cosenza-infected program is executed, the virus
       installs itself memory resident at the top of system memory but
       below the 640K DOS boundary, without changing the memory size
       returned by interrupt 12.  Available free memory, as indicated by
       the DOS CHKDSK program from DOS 5.0, will have decreased by 4,176
       bytes.  Interrupt 21 will be hooked by the virus in memory.
 
       Once the Cosenza virus is memory resident, it will infect .COM and 
       .EXE files, including COMMAND.COM, when they are executed.  Infected 
       .COM files will have a file length increase of 3,205 to 3,215 bytes 
       while .EXE files will increase in size by 3,224 to 3,236 bytes.  In 
       both cases, the virus will be located at the end of the file.  The 
       program's date and time in the DOS disk directory listing will not 
       be altered.  The following text strings are encrypted within the 
       viral code: 
 
       "TBAVTBSCTBCLTBDRF-PRF-TEVIRSSCANCLEAVSHIMSAVVSAFCPAVVWATIBMANAV 
        .FINDTOOLAVSCDISKDE.EDEBUTD.E" 
       "[C*O*S*E*N*Z*A] Virus!" 
       "QUESTO ViRuS e STATO DISTRIBUITO DA:" 
       "(COMPUTER POINT    <-> COSENZA,c.so d'Italia,0984/48166" 
       "(CALIO'" 
       "<-> COSENZA,via N. Serra ,0984/38861 )" 
       "(COMPUTER DISCOUNT <-> COSENZA,via Rodota 15,0984/71230 )" 
       "Advanced Semi-Stealth Virus with " 
       "(P)olymorphic          /*********-*********\" 
       "(V)ariable             * C-y-b-e-r L-o-r-d *" 
       "(E)ncryption           \*********-*********/" 
 
       It is unknown what this virus may do besides replicate. 
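
Added example, not part of the original entry: a triage check that compares a known-clean directory listing against a listing of the suspect disk and flags .COM and .EXE files whose growth falls in the ranges given above. The names `Entry` and `triage` and the sample listings are assumptions constructed for illustration; because the virus hooks interrupt 21 while resident, the suspect listing is assumed to be taken after booting from known-clean media.

```python
from dataclasses import dataclass

# Growth ranges (bytes) reported in the entry above.
GROWTH = {".COM": range(3205, 3216), ".EXE": range(3224, 3237)}

@dataclass(frozen=True)
class Entry:
    size: int    # file length in bytes
    stamp: str   # directory date/time as listed, compared verbatim

def triage(baseline, current):
    """Return {name: reason} for files whose change matches the entry.

    baseline/current map upper-cased DOS file names to Entry records,
    taken from a known-clean listing and a listing of the suspect disk.
    """
    findings = {}
    for name, now in current.items():
        before = baseline.get(name)
        ext = name[name.rfind("."):] if "." in name else ""
        if before is None or ext not in GROWTH:
            continue  # nothing to compare, or not a file type the virus infects
        delta = now.size - before.size
        if delta not in GROWTH[ext]:
            continue
        # The entry says the directory date and time are not altered, so an
        # in-range growth with an unchanged stamp is the stronger indicator.
        if now.stamp == before.stamp:
            findings[name] = f"grew {delta} bytes, date/time unchanged"
        else:
            findings[name] = f"grew {delta} bytes, date/time changed"
    return findings

# Constructed sample listings (not from a real system).
BASELINE = {
    "COMMAND.COM": Entry(47845, "1991-04-09 05:00"),
    "EDIT.COM": Entry(413, "1991-04-09 05:00"),
    "MEM.EXE": Entry(39818, "1991-04-09 05:00"),
    "REPORT.EXE": Entry(20000, "1996-01-02 10:00"),
}
CURRENT = {
    "COMMAND.COM": Entry(47845 + 3210, "1991-04-09 05:00"),
    "EDIT.COM": Entry(413, "1991-04-09 05:00"),
    "MEM.EXE": Entry(39818 + 3230, "1991-04-09 05:00"),
    "REPORT.EXE": Entry(20000 + 3220, "1996-07-15 09:30"),  # out of range
    "NEW.COM": Entry(5000, "1996-07-15 09:31"),             # no baseline
}

if __name__ == "__main__":
    for name, why in sorted(triage(BASELINE, CURRENT).items()):
        print(name, why)
```

A match is a lead for closer inspection, not a diagnosis: other changes to a file can produce growth in the same range.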
