Dichotomy Virus

Virus Name: Dichotomy Aliases: V Status: New Discovered: September, 1994 Symptoms: .COM & .EXE growth; file date/time seconds = "62"; decrease in total system & available free memory; system hangs Origin: Unknown Eff Length: 863 Bytes Type Code: PRhAK - Parasitic Resident .COM & .EXE Infector Detection Method: ViruScan, F-Prot, AVTK, Sweep, IBMAV, NAVDX, VAlert, NAV, PCScan, ChAV, IBMAV/N, NShld, AVTK/N, Sweep/N, NProt, NAV/N, LProt, Innoc 4.0+ Removal Instructions: Delete infected files General Comments: The Dichotomy virus was received in September, 1994. Its origin or point of isolation is unknown. Dichotomy is a memory resident infector of .COM and .EXE files, including COMMAND.COM. When the first Dichotomy infected program is executed, this virus will install itself memory resident at the top of system memory but below the 640K DOS boundary, not moving interrupt 12's return. Total system and available free memory, as indicated by the DOS CHKDSK program, will have decreased by 1,072 bytes. Interrupt 21 will be hooked by the virus in memory. Once the Dichotomy virus is memory resident, it will infect .COM and .EXE files when they are executed. Infected programs will have a file length increase of 863 bytes with the virus being located at the end of the file. The program's date and time in the DOS disk directory listing will not appear to be altered, though the seconds field will have been set to "62". The following text strings are visible within the viral code in all Dichotomy infected programs: "[Dichotomy]" "(c) 1994 Evil Avatar" The Dichotomy virus infects .EXE files as though they are .COM files. As a result, system hangs may occur when infected .EXE programs are executed.