1024 SBC Virus


 Virus Name:  1024 SBC 
 Aliases:     Ontario II, SBC 
 V Status:    Rare 
 Discovery:   October, 1991 
 Symptoms:    .COM & .EXE growth; intermittent printing problems; 
              decrease in total system and available free memory 
 Origin:      Canada 
 Eff Length:  1,024 Bytes 
 Type Code:   PRhAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  ViruScan, AVTK, F-Prot, Sweep, ChAV, 
                    NAV, IBMAV, NAVDX, VAlert, PCScan, 
                    NShld, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N, 
                    LProt 
 Removal Instructions:  Delete infected files 
                  
 General Comments: 
       The 1024 SBC virus was submitted in October, 1991.  Its origin and 
       point of original isolation is Canada.  1024 SBC is a stealth 
       virus which infects .COM and .EXE programs, including COMMAND.COM. 
       It is based on the Ontario virus. 
 
       The first time a program infected with 1024 SBC is executed, this 
       virus will install itself memory resident at the top of system 
       memory but below the 640K DOS boundary, hooking interrupt 21. 
       Total system and available free memory, as measured by the DOS 
       CHKDSK program, will have decreased by 3,072 bytes.  Interrupt 
       12's return will not have been moved.  At this time, the virus 
       will also infect COMMAND.COM if it was not previously infected. 
       Infected COMMAND.COM files will not have any file length increase 
       as the virus will have overwritten part of the 00h characters 
       located at the end of COMMAND.COM. 
 
       Once memory resident, 1024 SBC will infect .COM and .EXE programs 
       when they are executed or opened for any reason.  Infected .COM 
       and .EXE programs will have a file length increase of 1,024 bytes, 
       though the file length increase will be hidden if the virus is 
       memory resident.  The virus is located at the end of the infected 
       files. 
 
       A symptom of a 1024 SBC infection is that the user may experience 
       intermittent printing problems with the system printer. 
 
       Unlike several other viruses which hide the file length increase, 
       the DOS CHKDSK program will not return file allocation errors on 
       infected programs when the virus is memory resident. 
 
       1024 SBC is an encrypted virus, and no text strings are visible in 
       the viral code in infected programs. 
 
       See:   Ontario   Ontario III

Show viruses from discovered during that infect .

Main Page