Virus Name: Demolition
V Status: Rare
Discovered: December, 1991
Symptoms: .COM file growth; TSR; system hangs
Eff Length: 1,585 Bytes
Type Code: PRsCK - Parasitic Resident .COM Infector
Detection Method: ViruScan, AVTK, F-Prot, Sweep, ChAV,
NAV, IBMAV, NAVDX, VAlert, PCScan,
NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N,
Removal Instructions: Delete infected programs
The Demolition virus was submitted in December, 1991. Its origin
or point of original isolation is unknown. Demolition is a memory
resident infector of .COM programs, including COMMAND.COM.
When the first Demolition infected .COM program is executed, the
Demolition virus will install itself memory resident as a low system
memory TSR of 1,904 bytes. It will have hooked interrupt 21.
Once the Demolition virus is memory resident, it will infect .COM
programs, including COMMAND.COM, when they are executed. Infected
.COM programs will have a file length increase of 1,585 bytes. The
virus will be located at the end of the infected file. The file's
date and time in the DOS disk directory listing will not have been
altered. The following text string can be found within the viral
code in Demolition infected files:
The Demolition virus will occassionally hang the system when it
infects files. When the infected file is later executed, it will
also result in a system hang.
It is unknown if the Demolition virus contains any damage potential.