DWI Virus


 Virus Name:  DWI 
 Aliases:    
 V Status:    Rare (in public domain) 
 Discovered:  May, 1993 
 Symptoms:    .EXE file growth; program execution failures on large .EXE; 
              decrease in total system & available free memory; message & 
              WIN.COM corruption 
 Origin:      United States 
 Eff Length:  1,051 - 1,065 Bytes 
 Type Code:   PRhE - Parasitic Resident .EXE Infector 
 Detection Method:  ViruScan, AVTK, NAV, F-Prot, IBMAV, 
                    Sweep, NAVDX, VAlert, PCScan, ChAV, 
                    NShld, NAV/N, Sweep/N, AVTK/N, NProt, IBMAV/N, Innoc, 
                    LProt 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The DWI virus was submitted in May, 1993.  It was written by a 
       member of the Virulent Graffiti virus writing group in the United 
       States.  DWI is a memory resident infector of .EXE programs. 
 
       When the first DWI infected program is executed, this virus will 
       install itself memory resident at the top of system memory but below 
       the 640K DOS boundary, hooking interrupt 21.  Total system and 
       available free memory, as indicated by the DOS CHKDSK program, will 
       have decreased by 1,296 bytes.  Interrupt 12's return will not be 
       moved. 
 
       Once the DWI virus is memory resident, it will infect .EXE programs 
       when they are executed.  Infected .EXE programs will have a file 
       length increase of 1,051 to 1,065 bytes with the virus being located 
       at the end of the file.  The program's date and time in the DOS disk 
       directory listing will not be altered.  The following text strings 
       are encrypted within the DWI viral code: 
 
               "[DWI] AccuPunk/The Attitude Adjuster Virulent Graffiti" 
               "WIN.COM" 
               "You've been caught, you DWI! 
                You're nothing but a Damn Windows Idiot!" 
               "Well, we at Virulent Graffiti have had it... 
                you're not going to be" 
               "running that bullshit for a while, 'cuz, hey, friends 
                don't let friends" 
               "use Windows! (and you're damn right we're your friends!)" 
 
       .EXE programs larger than 64K in size will fail to execute when they 
       are executed. 
 
       If the system user attempts to execute WIN.COM with DWI memory 
       resident, the following message will be displayed on the system 
       monitor, and WIN.COM will be corrupted by the virus: 
 
    "You've been caught, you DWI! You're nothing but a Damn Windows Idiot! 
     Well, we at Virulent Graffiti have had it... you're not going to be 
     running that bullshit for a while, 'cuz, hey, friends don't let friends 
     use Windows! (and you're damn right we're your friends!)"

Show viruses from discovered during that infect .

Main Page