4870 Overwriting Virus
Virus Name: 4870 Overwriting
Aliases: 4870
V Status: Viron
Discovery: February, 1991
Origin: Unknown
Symptoms: Programs fail to execute; program corruption
Eff Length: 4,870 Bytes
Type Code: ONAK - Overwriting Non-Resident .COM & .EXE Infector
Detection Method: F-Prot, ViruScan, AVTK, Sweep, IBMAV, NAV,
NAVDX, VAlert, ChAV
Sweep/N, Innoc, AVTK/N, NAV/N, NProt, NShld, IBMAV/N
Removal Instructions: Delete infected files
General Comments:
The 4870 Overwriting virus was isolated in February, 1991. Its
origin or isolation point is not known. This virus is a
non-resident direct action virus that infects .COM and .EXE
programs, including COMMAND.COM.
When a program infected with the 4870 Overwriting virus is executed,
the virus will search the current directory for an uninfected .COM
or .EXE file. The first such uninfected file located will be
infected by the virus. Infected programs will have the first 4,870
bytes of the candidate program overwritten by the virus. If the
program's original length was 4,870 bytes or more, there will be no
increase in the file length in the DOS directory. If the program's
original length was less than 4,870 bytes, then the program's length
in the DOS directory will now be 4,870 bytes. The file's date and
time in the directory will not be altered.
Programs infected with the 4870 Overwriting virus will not execute
properly. Once the virus has checked for a program to infect, and
infected the candidate program if one was found, the virus will
terminate and return the user to a DOS prompt.
A side note on this virus: the virus itself is compressed with the
LZEXE utility, which accounts for much of the 4,870 bytes of viral
code. Programs infected with this virus will have the markers of
LZEXE version .91 found in the first 4,870 bytes of the infected
program.
It is not possible to disinfect programs infected with the 4870
Overwriting virus as the first 4,870 bytes of the original program
are lost. Infected programs must be deleted or erased, then
replaced with clean copies.
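
The file-level traits described above (length never below 4,870 bytes, LZEXE .91 markers at the start of the file, leftover original data past byte 4,870) can be turned into a triage check; this is an added example, not part of the original entry. It assumes that the LZEXE 0.91 marker is the "LZ91" tag at offset 0x1C of the MZ header and that the virus's own header declares a 4,870-byte image; the function names and the sample builder are hypothetical.

```python
import struct

VIRUS_LEN = 4870      # effective length given on this page
LZ91_OFFSET = 0x1C    # assumption: where LZEXE 0.91 stores its "LZ91" tag
LZ91_TAG = b"LZ91"


def mz_image_size(data):
    """File size declared by the MZ header fields e_cblp and e_cp."""
    last_page_bytes, pages = struct.unpack_from("<HH", data, 2)
    if pages == 0:
        return 0
    return (pages - 1) * 512 + (last_page_bytes or 512)


def triage(data, name=""):
    """Return the reasons a file matches the description, or [] if none."""
    if len(data) < VIRUS_LEN:          # infected files are never shorter
        return []
    if data[:2] not in (b"MZ", b"ZM"):
        return []
    if data[LZ91_OFFSET:LZ91_OFFSET + 4] != LZ91_TAG:
        return []
    reasons = ["LZEXE 0.91 tag in MZ header"]
    if name.upper().endswith(".COM"):
        reasons.append(".COM file with an MZ header")
    if len(data) == VIRUS_LEN:
        reasons.append("file is exactly 4,870 bytes")
    elif mz_image_size(data) == VIRUS_LEN:
        # assumption: the virus's header declares its own 4,870-byte image
        reasons.append("header declares 4,870 bytes; tail is leftover data")
    return reasons


def make_sample(total_len):
    """Constructed stand-in (header fields only, no viral code)."""
    head = b"MZ" + struct.pack("<HH", VIRUS_LEN % 512, -(-VIRUS_LEN // 512))
    head = head.ljust(LZ91_OFFSET, b"\0") + LZ91_TAG
    return head.ljust(VIRUS_LEN, b"\0") + b"\x90" * (total_len - VIRUS_LEN)


if __name__ == "__main__":
    print(triage(make_sample(4870), "SMALL.COM"))
    print(triage(make_sample(20000), "BIG.EXE"))
    print(triage(b"\xe9" + bytes(6000), "CLEAN.COM"))
```

A match is only a reason to compare the file against a clean copy, since legitimately LZEXE-packed programs carry the same tag.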