GoldGeld Virus

 Virus Name:  GoldGeld 
 V Status:    Rare 
 Discovered:  January, 1993 
 Symptoms:    .COM & .EXE growth; decrease in total system & available free 
 Origin:      Germany 
 Eff Length:  612 Bytes 
 Type Code:   PRtAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  F-Prot, ViruScan, Sweep, AVTK, IBMAV, 
                    NAVDX, VAlert, NAV, PCScan, ChAV, 
                    NShld, Sweep/N, AVTK/N, NProt, IBMAV/N, Innoc, NAV/N, 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The GoldGeld virus was submitted in January, 1993, and appears to 
       be from Germany.  GoldGeld is a memory resident infector of .COM 
       and .EXE programs, including COMMAND.COM.  Some anti-viral programs 
       may identify it as a PS-MPC based virus since it uses a similar 
       encryption mechanism. 
       When the first GoldGeld infected program is executed, the GoldGeld 
       virus will install itself memory resident at the top of system 
       memory but below the 640K DOS boundary, moving interrupt 12's 
       return.  Total system and available free memory, as indicated by the 
       DOS CHKDSK program, will have decreased by 2,048 bytes.  Interrupt 
       21 will be hooked by GoldGeld in memory. 
       Once the GoldGeld virus is memory resident, it will infect .COM 
       and .EXE programs when they are executed.  Infected programs will 
       have a file length increase of 612 bytes with the virus being 
       located at the end of the file.  The program's date and time in the 
       DOS disk directory listing will not be altered.  The following text 
       string is encrypted within the GoldGeld viral code: 
               "Es ist nicht alles Gold, was gl„nzt! 
       The text string "EEK" can be found unencrypted within the viral 
       code in all infected programs. 
       It is unknown what GoldGeld does besides replicate. 

Show viruses from discovered during that infect .

Main Page