Virus Name: Graveyard-479
V Status: Rare
Discovered: July, 1993
Symptoms: .COM file growth;
decrease in total system & available free memory
Eff Length: 479 Bytes
Type Code: PRtCK - Parasitic Resident .COM Infector
Detection Method: ViruScan, F-Prot, NAVDX, NAV, AVTK 7.68+,
NShld, NAV/N, AVTK/N 7.68+
Removal Instructions: Delete infected files
The Graveyard-479 virus was received from Norway in July, 1993.
It is a memory resident infector of .COM programs, including
When the first Graveyard-479 infected program is executed, the
Graveyard-479 virus will install itself memory resident at the
top of system memory but below the 640K DOS boundary, moving
interrupt 12's return. Total system and available free memory,
as indicated by the DOS CHKDSK program, will have decreased by
1,024 bytes. This virus directly hooks interrupt 21, though mapping
programs will not show the virus having hooked this interrupt.
Once the Graveyard-479 virus is memory resident, it will infect
.COM programs, including COMMAND.COM, when they are executed.
Infected programs will have a file length increase of 479 bytes
with the virus being located at the end of the file. The program's
date and time in the DOS disk directory listing will not be
altered. The following text strings are encrypted within the
Graveyard-479 viral code:
It is unknown what Graveyard-479 may do besides replicate.