Geek Virus


 Virus Name:  Geek 
 Aliases: 
 V Status:    Rare 
 Discovery:   July, 1992 
 Symptoms:    .COM & .EXE growth 
 Origin:      United States 
 Eff Length:  450 - 466 Bytes 
 Type Code:   PRfAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  ViruScan, NAV, Sweep, AVTK, F-Prot, 
                    IBMAV, NAVDX, VAlert, PCScan, ChAV, 
                    NShld, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N, 
                    LProt 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Geek virus was submitted in July, 1992.  It is originally from 
       the United States.  Geek is a memory resident infector of .COM and 
       .EXE programs, including COMMAND.COM. 
 
       When the first Geek infected program is executed, the Geek virus 
       will install itself memory resident in available free memory.  It 
       directly hooks interrupts, and no interrupts will point to the 
       Geek virus in memory when attempting to map memory with various 
       utilities. 
 
       Once the Geek virus is memory resident, it will infect .COM and 
       .EXE programs, including COMMAND.COM, when they are executed. 
       Infected .COM programs will increase in size by 450 bytes.  Infected 
       .EXE programs will increase in size by 456 to 466 bytes.  In both 
       cases the virus will be located at the end of the file.  The 
       program's date and time in the DOS disk directory listing will not 
       be altered.  One text string occurs within the Geek viral code 
       in infected programs: 
 
               "GEEK" 
 
       Geek activates on the 29th day of any month, at which time it will 
       overwrite a random sector on the current drive.

Show viruses from discovered during that infect .

Main Page