Estepa Virus


 Virus Name:  Estepa 
 Aliases:    
 V Status:    Rare 
 Discovered:  August, 1993 
 Symptoms:    .COM & .EXE file growth; 
              decrease in total system & available free memory 
 Origin:      Unknown 
 Eff Length:  2,004 - 2,034 Bytes 
 Type Code:   PRhAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  F-Prot, NAV, NAVDX, ViruScan, ChAV, AVTK 7.68+, 
                    NShld, NProt, NAV/N, Innoc, AVTK/N 7.68+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Estepa virus was submitted in August, 1993.  Its origin or point 
       of isolation is unknown.  Estepa is a memory resident infector of 
       .COM and .EXE programs, including COMMAND.COM.  It appears to be 
       based on the Cartuja virus. 
   
       When the first Estepa infected program is executed, the Estepa virus 
       will install itself memory resident at the top of system memory but 
       below the 640K DOS boundary, not moving interrupt 12's return.  Total 
       system and available free memory, as indicated by the DOS CHKDSK 
       program, will have decreased by 61,856 bytes.  Interrupt 21 will be 
       hooked by Estepa in memory. 
 
       Once the Estepa virus is memory resident, it will infect .COM and 
       .EXE programs, including COMMAND.COM, when they are executed. 
       Infected programs will have a file length increase of 2,004 to 
       2,034 bytes with the virus being located at the end of the file. 
       The program's date and time in the DOS disk directory listing will 
       not be altered.  No text strings are visible within the viral code 
       in Estepa infected programs. 
 
       It is unknown what Estepa does besides replicate. 
 
       See:  Cartuja

Show viruses from discovered during that infect .

Main Page