Flagyll Virus

 Virus Name:  Flagyll 
 V Status:    Rare 
 Discovered:  April, 1993 
 Symptoms:    .EXE files corrupted; .EXE programs fail to function 
              properly; decrease in total system & available free memory; 
              file date/time changes 
 Origin:      Unknown 
 Eff Length:  318 Bytes (Overwriting) 
 Type Code:   ORhE - Overwriting Resident .EXE Infector 
 Detection Method:  F-Prot, ViruScan, NAV, AVTK, Sweep, 
                    IBMAV, NAVDX, VAlert, PCScan, ChAV, 
                    Innoc, NShld, Sweep/N, NAV/N, NProt, AVTK/N, IBMAV/N, 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Flagyll virus was submitted in April, 1993.  Its origin or 
       point of isolation is unknown.  Flagyll is a memory resident 
       overwriting virus which infects .EXE programs. 
       When the first Flagyll infected program is executed, the Flagyll 
       virus will install itself memory resident at the top of system 
       memory but below the 640K DOS boundary, not moving interrupt 12's 
       return.  Total system and available free memory, as indicated by 
       the DOS CHKDSK program, will have decreased by 4,096 bytes. 
       Interrupt 21 will be hooked by Flagyll in memory. 
       Once the Flagyll virus is memory resident, it will infect .EXE 
       programs when they are executed.  Infected programs will have the 
       first 318 bytes overwritten by the Flagyll virus.  The program's 
       date and time will have been updated to the current system date 
       and time when infection occurred.  The following text strings can 
       be found within the viral code in all Flagyll infected programs: 
               "-=[Crypt Newsletter 13]=-" 
       Flagyll doesn't appear to do anything besides replicate, though 
       it corrupts the programs it infects. 
       Known variant(s) of Flagyll are: 
       Flagyll-Z: Functionally very similar to the Flagyll virus 
                  described above, the primarily difference is that this 
                  variant overwrites the first 371 bytes of the host .EXE 
                  program, and the file's date and time in the DOS disk 
                  directory listing will not be altered.  The following 
                  text strings can be found within the viral code: 
                  "-=[Crypt Newsletter 13]=-" 
                  Origin:  Unknown  April, 1993. 

Show viruses from discovered during that infect .

Main Page