4870 Overwriting Virus

 Virus Name:  4870 Overwriting 
 Aliases:     4870 
 V Status:    Viron 
 Discovery:   February, 1991 
 Origin:      Unknown 
 Symptoms:    Programs fail to execute; program corruption 
 Eff Length:  4,870 Bytes 
 Type Code:   ONAK - Overwriting Non-Resident .COM & .EXE Infector 
 Detection Method:  F-Prot, ViruScan, AVTK, Sweep, IBMAV, NAV, 
                    NAVDX, VAlert, ChAV 
                    Sweep/N, Innoc, AVTK/N, NAV/N, NProt, NShld, IBMAV/N 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The 4870 Overwriting virus was isolated in February, 1991.  Its 
       origin or isolation point is not known.  This virus is a 
       non-resident direct action virus that infects .COM and .EXE 
       programs, including COMMAND.COM. 
       When a program infected with the 4870 Overwriting virus is executed, 
       the virus will search the current directory for an uninfected .COM 
       or .EXE file.  The first such uninfected file located will be 
       infected by the virus.  Infected programs will have the first 4,870 
       bytes of the candidate program overwritten by the virus.  If the 
       program's original length was 4,870 bytes or more, there will be no 
       increase in the file length in the DOS directory.  If the program's 
       original length was less than 4,870 bytes, then the program's length 
       in the DOS directory will now be 4,870 bytes.  The file's date and 
       time in the directory will not be altered. 
       Programs infected with the 4870 Overwriting virus will not execute 
       properly.  Once the virus has checked for a program to infect, and 
       infected the candidate program if one was found, the virus will 
       terminate and return the user to a DOS prompt. 
       A side note on this virus: the virus itself is compressed with the 
       LZEXE utility, which accounts for much of the 4,870 bytes of viral 
       code.  Programs infected with this virus will have the markers of 
       LZEXE version .91 found in the first 4,870 bytes of the infected 
       It is not possible to disinfect programs infected with the 4870 
       Overwriting virus as the first 4,870 bytes of the original program 
       are lost.  Infected programs must be deleted or erased, then 
       replaced with clean copies. 
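
A triage check built from the two traits this entry describes (a file at least 4,870 bytes long whose first 4,870 bytes carry LZEXE 0.91 markers), as an added example that is not part of the original entry. It assumes the marker is the "LZ91" tag that LZEXE 0.91 writes at offset 0x1C of the EXE header and that the overwritten region's header declares an image of exactly 4,870 bytes; all function names are hypothetical.

```python
import struct
import sys
from pathlib import Path

VIRUS_LEN = 4870      # effective length given in the entry
LZ91_OFFSET = 0x1C    # assumed position of the LZEXE 0.91 tag in the MZ header

def mz_declared_size(data):
    """Image size declared by an MZ header, or None if there is no header."""
    if len(data) < 0x20 or data[:2] not in (b"MZ", b"ZM"):
        return None
    last_page, pages = struct.unpack_from("<HH", data, 2)
    if pages == 0:
        return None
    return (pages - 1) * 512 + (last_page or 512)

def classify(data):
    """Return 'suspect', 'lzexe-packed' or 'no-match' for file contents."""
    declared = mz_declared_size(data)
    tag = data[LZ91_OFFSET:LZ91_OFFSET + 4]
    if declared is None or tag != b"LZ91":
        return "no-match"
    # Entry: an infected file is never shorter than 4,870 bytes.
    # Assumption: the overwritten header declares exactly that length.
    if len(data) >= VIRUS_LEN and declared == VIRUS_LEN:
        return "suspect"
    return "lzexe-packed"   # ordinary LZEXE-compressed program

def scan(directory):
    """Classify each .COM/.EXE file in one directory (no recursion)."""
    verdicts = {}
    for p in sorted(Path(directory).iterdir()):
        if p.is_file() and p.suffix.lower() in (".com", ".exe"):
            with p.open("rb") as f:
                verdicts[p.name] = classify(f.read(VIRUS_LEN))
    return verdicts

def constructed_header(declared, total, tag=b"LZ91"):
    """Constructed test bytes: MZ size fields and tag, zero padding, no code."""
    pages, last = divmod(declared, 512)
    pages += 1 if last else 0
    head = b"MZ" + struct.pack("<HH", last, pages)
    return (head.ljust(LZ91_OFFSET, b"\0") + tag).ljust(total, b"\0")

if __name__ == "__main__":
    for name, verdict in scan(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{verdict:13} {name}")
```

A "suspect" verdict is a lead for comparison against a clean copy, not proof of infection; "lzexe-packed" marks programs that were simply compressed with LZEXE 0.91.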

