Virus Name: Explosion
V Status: Rare
Discovered: June, 1993
Symptoms: .COM & .EXE growth;
decrease in total system & available free memory
Eff Length: 1,000 Bytes
Type Code: PRhAK - Parasitic Resident .COM & .EXE Infector
Detection Method: ViruScan, F-Prot, AVTK, IBMAV, Sweep,
NAV, NAVDX, VAlert, PCScan, ChAV,
NShld, AVTK/N, Sweep/N, NProt, Innoc, IBMAV/N, NAV/N,
Removal Instructions: Delete infected files
The Explosion virus was received in June, 1993. Its origin or
point of isolation is unknown. Explosion is a memory resident
infector of .COM and .EXE programs, including COMMAND.COM.
When the first Explosion infected program is executed, this virus
will install itself memory resident at the top of system memory but
below the 640K DOS boundary, not moving interrupt 12's return.
Total system and available free memory, as indicated by the DOS
CHKDSK program, will have decreased by 1,008 bytes. Interrupt 21
will be hooked by Explosion in memory.
Once the Explosion virus is memory resident, it will infect .COM
and .EXE programs when they are executed. Infected programs will
have a file length increase of 1,000 bytes with the virus being
located at the end of the file. The program's date and time in the
DOS disk directory listing will not be altered. No text strings
are visible within the viral code.
It is unknown what Explosion may do besides replicate.