FoneSex Virus


 Virus Name:  FoneSex 
 Aliases:    
 V Status:    Viron 
 Discovered:  January, 1993 
 Symptoms:    .COM & .EXE programs overwritten; program corruption; 
              messages; attempts to dial modem 
 Origin:      Unknown 
 Eff Length:  688 Bytes OW 
 Type Code:   ONA - Overwriting Non-Resident .COM & .EXE Infector 
 Detection Method:  ViruScan, F-Prot, AVTK, Sweep, IBMAV, NAV, 
                    NAVDX, VAlert, PCScan, ChAV, 
                    NShld, Sweep/N, NAV/N, AVTK/N, IBMAV/N, Innoc, LProt 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The FoneSex virus was submitted in January, 1993.  Its origin or 
       point of isolation is unknown.  FoneSex is a non-resident, direct 
       action overwriting virus which infects .COM and .EXE programs. 
 
       When a program infected with the FoneSex virus is executed, the 
       FoneSex virus will infect all of the .COM and .EXE programs located 
       in the current directory.  Infected programs will not increase in 
       size unless they were originally smaller than 688 bytes in length, 
       in which case they will become 688 bytes in length.  The program's 
       date and time in the DOS disk directory listing will not be altered. 
       Once the virus has completed infecting all of the .COM and .EXE 
       programs in the current directory, it will display one of the 
       following messages and return the user to the DOS prompt: 
 
               "Out of Memory" 
               "Program too big to fit in memory" 
 
       The FoneSex virus contains the following unencrypted text strings 
       within its viral code: 
 
               "*.* *.exe \ \dos *.com d" 
               "Out of Memory" 
               "9034600" 
               "4545388" 
               "2888100" 
               "6809100" 
               "9038181" 
               "4540759" 
               "8840758" 
               "8965581" 
               "6804900" 
               "4075240" 
               "9038700" 
               "7868482" 
 
       The above seven digit numeric text strings are interpretted as 
       phone numbers by the virus, and the virus may occassionally attempt 
       to send a dialing command sequence to the system COM ports in order 
       to activate a modem. 
       

Show viruses from discovered during that infect .

Main Page