Flagyll Virus

Virus Name: Flagyll Aliases: V Status: Rare Discovered: April, 1993 Symptoms: .EXE files corrupted; .EXE programs fail to function properly; decrease in total system & available free memory; file date/time changes Origin: Unknown Eff Length: 318 Bytes (Overwriting) Type Code: ORhE - Overwriting Resident .EXE Infector Detection Method: F-Prot, ViruScan, NAV, AVTK, Sweep, IBMAV, NAVDX, VAlert, PCScan, ChAV, Innoc, NShld, Sweep/N, NAV/N, NProt, AVTK/N, IBMAV/N, LProt Removal Instructions: Delete infected files General Comments: The Flagyll virus was submitted in April, 1993. Its origin or point of isolation is unknown. Flagyll is a memory resident overwriting virus which infects .EXE programs. When the first Flagyll infected program is executed, the Flagyll virus will install itself memory resident at the top of system memory but below the 640K DOS boundary, not moving interrupt 12's return. Total system and available free memory, as indicated by the DOS CHKDSK program, will have decreased by 4,096 bytes. Interrupt 21 will be hooked by Flagyll in memory. Once the Flagyll virus is memory resident, it will infect .EXE programs when they are executed. Infected programs will have the first 318 bytes overwritten by the Flagyll virus. The program's date and time will have been updated to the current system date and time when infection occurred. The following text strings can be found within the viral code in all Flagyll infected programs: "-=[Crypt Newsletter 13]=-" "EXE.COM" "Flagyll" Flagyll doesn't appear to do anything besides replicate, though it corrupts the programs it infects. Known variant(s) of Flagyll are: Flagyll-Z: Functionally very similar to the Flagyll virus described above, the primarily difference is that this variant overwrites the first 371 bytes of the host .EXE program, and the file's date and time in the DOS disk directory listing will not be altered. The following text strings can be found within the viral code: "-=[Crypt Newsletter 13]=-" "EXE.COM" "Flagyll-Z" Origin: Unknown April, 1993.