Virus Name: FoneSex
V Status: Viron
Discovered: January, 1993
Symptoms: .COM & .EXE programs overwritten; program corruption;
messages; attempts to dial modem
Eff Length: 688 Bytes OW
Type Code: ONA - Overwriting Non-Resident .COM & .EXE Infector
Detection Method: ViruScan, F-Prot, AVTK, Sweep, IBMAV, NAV,
NAVDX, VAlert, PCScan, ChAV,
NShld, Sweep/N, NAV/N, AVTK/N, IBMAV/N, Innoc, LProt
Removal Instructions: Delete infected files
The FoneSex virus was submitted in January, 1993. Its origin or
point of isolation is unknown. FoneSex is a non-resident, direct
action overwriting virus which infects .COM and .EXE programs.
When a program infected with the FoneSex virus is executed, the
FoneSex virus will infect all of the .COM and .EXE programs located
in the current directory. Infected programs will not increase in
size unless they were originally smaller than 688 bytes in length,
in which case they will become 688 bytes in length. The program's
date and time in the DOS disk directory listing will not be altered.
Once the virus has completed infecting all of the .COM and .EXE
programs in the current directory, it will display one of the
following messages and return the user to the DOS prompt:
"Out of Memory"
"Program too big to fit in memory"
The FoneSex virus contains the following unencrypted text strings
within its viral code:
"*.* *.exe \ \dos *.com d"
"Out of Memory"
The above seven digit numeric text strings are interpretted as
phone numbers by the virus, and the virus may occassionally attempt
to send a dialing command sequence to the system COM ports in order
to activate a modem.