Crazy Frog Virus

 Virus Name:  Crazy Frog 
 Aliases:     Crazy Frog.1477 
 V Status:    New 
 Discovery:   May, 1996 
 Symptoms:    .COM & .EXE growth; DOS CHKDSK file allocation errors; 
              decrease in available free memory; 
              file date/time seconds = "30" or "62" 
 Origin:      Unknown 
 Eff Length:  1,477 Bytes 
 Type Code:   PRhA - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  F-Prot, AVTK, IBMAV, NAV, NAVDX, ViruScan, ChAV, 
                    AVTK/N, IBMAV/N, NAV/N, NShld 2.32 9607+, 
                    Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Crazy Frog virus was received in May, 1996.  Its origin or 
       point of isolation is unknown.  Crazy Frog is a memory resident 
       fast infector of .COM and .EXE files which is also a size stealthing 
       virus.  It does not infect COMMAND.COM. 
       When the first Crazy Frog infected program is executed, this virus 
       will install itself memory resident at the top of system memory but 
       below the 640K DOS boundary, hooking interrupts 21 and 24.  Available 
       free memory, as indicated by the DOS CHKDSK program from DOS 5.0, 
       will have decreased by 1,504 bytes.  Interrupt 12's return will not 
       have been moved. 
       Once the Crazy Frog virus is memory resident, it will infect .COM 
       and .EXE files, other than COMMAND.COM, when they are executed, 
       opened, or copied.  Infected files will have a file length increase 
       of 1,477 bytes, though this file length increase will be hidden when 
       the virus is memory resident.  The virus will be located at the end 
       of the file.  The program's date and time in the DOS disk directory 
       listing will not appear to be altered, though the seconds field will 
       have been altered to either "30" or "62".  The following text string 
       is encrypted within the viral code: 
           "cRaZy fRoG, (c)95 bY iRASCiBLE" 
       The DOS CHKDSK program will indicate file allocation errors on all 
       infected files when this virus is memory resident. 

Show viruses from discovered during that infect .

Main Page