Genc Virus


 Virus Name:  Genc 
 Aliases:     Genc.502 
 V Status:    Rare 
 Discovery:   July, 1994 
 Symptoms:    .COM & .SYS file growth; message; 
              decrease in total system & available free memory 
 Origin:      Unknown 
 Eff Length:  502 Bytes 
 Type Code:   PRhCK - Parasitic Resident .COM & .SYS Infector 
 Detection Method:  F-Prot, IBMAV, AVTK, ViruScan, Sweep, NAV, NAVDX, 
                    VAlert, PCScan, 
                    AVTK/N, Sweep/N, NProt, IBMAV/N, NShld, NAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Genc or Genc.502 virus was received in July, 1994.  Its origin or 
       point of isolation is unknown.  This virus is a memory resident 
       infector of .COM and .SYS files, including COMMAND.COM.  It is a fast 
       infector and can quickly spread on a system. 
 
       When the first Genc infected program is executed, this virus will 
       install itself memory resident at the top of system memory but below 
       the 640K DOS boundary, not moving interrupt 12's return.  Total 
       system and available free memory, as indicated by the DOS CHKDSK 
       program, will have decreased by 1,296 bytes.  Interrupts 21 and 24 
       will be hooked by the virus in memory.  Also at this time, the virus 
       will infect COMMAND.COM if it wasn't previously infected. 
 
       Once memory resident, this virus will infect .COM and .SYS files 
       when they are executed, copied, or opened for any reason.  Infected 
       files will increase in size by 502 bytes with the virus being 
       located at the end of the file.  The program's date and time in the 
       DOS disk directory listing will not be altered.  The following text 
       string is visible within the viral code in all infected programs: 
 
               "This virus is Shaware!" 
 
       The above text string will also be occassionally displayed by the 
       virus when .EXE files are executed. 
 
       Known variant(s) of Genc are: 
       Genc.1000: Received in July, 1994, Genc.1000 is a 1,000 byte 
           variant of the Genc virus described above.  Its size in memory 
           is 1,280 bytes, hooking interrupt 21.  It infects .COM files, 
           including COMMAND.COM, when they are executed.  Infected files 
           increase in size by 1,000 bytes with the virus being located 
           at the end of the file.  The file's date in the DOS disk 
           directory listing will have been altered on all infected files. 
           The following text string is visible within the viral code in 
           all infected programs: 
               "GencVir (C) 1993 by HACKER" 
           The Genc.1000 virus will occassionally display this text string 
           as a message. 
           Origin: Unknown  July, 1994.

Show viruses from discovered during that infect .

Main Page