Guppy Virus

 Virus Name:  Guppy 
 V Status:    Rare 
 Discovered:  October, 1990 
 Symptoms:    TSR; .COM growth; error messages; disk boot failures 
 Origin:      United States 
 Eff Length:  152 Bytes 
 Type Code:   PRsCK - Resident Parasitic .COM &.EXE Infector 
 Detection Method:  ViruScan, AVTK, F-Prot, NAV, Sweep, IBMAV, 
                    NAVDX, VAlert, PCScan, ChAV, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Guppy virus was submitted in late October, 1990 by Paul Ferguson 
       of Washington, DC.  Guppy is a memory resident infector of .COM 
       files, including COMMAND.COM. 
       The first time a program infected with the Guppy virus is executed, 
       the virus will install itself memory resident as a low system memory 
       TSR with interrupt 21 hooked.  Available free memory will decrease 
       by 720 bytes. 
       After the virus is memory resident, any .COM file with a file length 
       of at least 100 bytes (approximately) that is executed will become 
       infected with Guppy.  Infected files will increase in length by 152 
       bytes, with two bytes added to the beginning of the .COM file, and 
       150 bytes added to the end of the file.  Infected files will also 
       have their date/time stamps in the directory updated to the system 
       date and time when the infection occurred. 
       If COMMAND.COM is executed with Guppy memory resident, it will 
       become infected.  If the system is later booted from a disk with a 
       Guppy infected COMMAND.COM, the boot will fail and a "Bad or Missing 
       Command Interpreter" message will be displayed. 
       Some programs will also fail to execute properly once infected with 
       Guppy.  For example, attempts to execute EDLIN.COM after it was 
       executed on my system resulted in a consistent "Invalid drive or 
       file name" message, and EDLIN ending execution. 
       Infected files can be identified as they will end with the following 
       hex character string: 3ECD211F5A5B58EA 
       Known variant(s) of Guppy are: 
       Guppy-B: Almost identical to Guppy, there are a few bytes which have 
                been altered in this variant. 

Show viruses from discovered during that infect .

Main Page