Virus Name: Hellraiser
V Status: Viron
Discovered: May, 1992
Symptoms: .EXE file corruption; programs fail to execute properly
Eff Length: 1,580 Bytes
Type Code: ONE - Overwriting Non-Resident .EXE Infector
Detection Method: ViruScan, AVTK, F-Prot, IBMAV, ChAV,
Sweep, NAV, NAVDX, VAlert, PCScan,
NShld, LProt, Sweep/N, Innoc, AVTK/N, IBMAV/N, NAV/N
Removal Instructions: Delete infected files
The Hellraiser virus was received in May, 1992. It is originally
from Canada. This virus is a non-resident, direct action infector
of .EXE programs.
When a program infected with the Hellraiser virus is executed, the
virus will check the current drive to determine if more than two
subdirectories exist. If more than two subdirectories exist, the
virus will start in the third subdirectory and check for two
uninfected .EXE programs to infect.
Hellraiser infected .EXE programs will have the first 1,580 bytes
of the host program overwritten with the Hellraiser virus viral
code, permanently damaging them. There will be no change to the
file's length unless the file was originally smaller than 1,580
bytes in length. In the case of the host program originally being
smaller than 1,580 bytes in length, it will become 1,580 bytes
in length. The file's date and time in the DOS disk directory
listing will not have been altered.
Programs smaller than 64K which are infected with the Hellraiser
virus will return the user to the DOS prompt when the user attempts
to execute them. Programs which are larger than 64K will receive
a "Program too big to fit in memory" message when the user attempts
to execute them.