Crazy_Lord Virus

 Virus Name:  Crazy_Lord 
 Aliases:     Crazy_Lord.457 
 V Status:    New 
 Discovery:   July, 1995 
 Symptoms:    .EXE file header altered; file date/time changes 
 Origin:      Unknown 
 Eff Length:  457 Bytes (Overwriting) 
 Type Code:   PRaE - Overwriting Resident .EXE Infector 
 Detection Method: NAV, NAVDX, ViruScan, IBMAV, VAlert, AVTK, PCScan, 
                   F-Prot, ChAV, 
                   AVTK/N, NAV/N, IBMAV/N, NShld, Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Crazy_Lord virus was received in July, 1995.  Its origin or 
       point of isolation is unknown.  Crazy_Lord is a memory resident 
       infector of .EXE files.  It is a full stealth virus. 
       When the first Crazy_Lord infected program is executed, this virus 
       will become memory resident in allocated system memory.  This virus 
       directly hooks interrupts in a way that interrupt mapping utilities 
       will not be able to map the interrupts to it.  Also at this time, 
       the virus will infect all of the .EXE files located in the current 
       Once the Crazy_Lord virus is memory resident, it will infect .EXE 
       files when they are executed.  Infected .EXE files will have no 
       increase in the file's length as the virus overwrites 457 bytes of 
       the .EXE file header (which is the first 512 bytes of the host 
       file).  Infected programs will have their date and time in the 
       DOS disk directory listing updated to the current system date and 
       time when infection occurred.  The following text strings are 
       visible within the viral code: 
           "Written By Crazy Lord (Ming)" 
           "Made In Hong Kong" 
       Crazy_Lord is a full stealth virus, disinfected programs as they 
       are read into memory.  As such anti-viral programs unaware of this 
       virus will not be able to detect the virus when it is memory 

Show viruses from discovered during that infect .

Main Page