A&A Virus
Virus Name: A&A
Aliases:
V Status: Rare
Discovery: February, 1993
Symptoms: .COM file growth; file date/time changes
Origin: USSR
Eff Length: 506 Bytes
Type Code: PRxC - Parasitic Resident .COM Infector
Detection Method: Sweep, AVTK, F-Prot, ViruScan, NAV, IBMAV, NAVDX, VAlert, PCScan, ChAV, Sweep/N, NShld, AVTK/N, NProt, NAV/N, IBMAV/N, Innoc, LProt
Removal Instructions: Delete infected files
General Comments:
The A&A virus was submitted in February, 1993, and is from the
USSR. A&A is a memory resident infector of .COM programs, but not
COMMAND.COM. It uses a tunneling technique to avoid detection by
anti-viral monitoring programs.

When the first A&A infected program is executed, the A&A virus will
install itself memory resident in a "hole" in low allocated system
memory, hooking interrupt 21. Total system and available free
memory, as indicated by the DOS CHKDSK program, will not be altered.

Once the A&A virus is memory resident, it will infect .COM programs
other than COMMAND.COM when they are executed. Infected programs
will have a file length increase of 506 bytes with the virus being
located at the beginning of the file. The program's date and time
in the DOS disk directory listing will have been updated to the
current system date and time when infection occurred. The following
text string can be found within the viral code in all A&A infected
programs:

"{A&A}"

It is unknown what A&A may do besides replicate.
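
The indicators described above (a 506-byte body at the beginning of the file, containing the "{A&A}" string) can be combined into a simple triage check. This is an added example, not part of the original entry and not any scanner's own code; the verdict names, the scan_tree helper and the sample bytes are assumptions constructed for illustration.

```python
import os

MARKER = b"{A&A}"   # text string the entry reports inside the viral code
VIRUS_LEN = 506     # effective length; the entry says the virus is prepended to the host

def classify(data: bytes) -> tuple[str, int]:
    """Return (verdict, marker_offset) for the raw bytes of one .COM file."""
    # The virus body occupies the first 506 bytes, so a real infection has the
    # marker fully inside that prefix and host code following it.
    off = data.find(MARKER, 0, VIRUS_LEN)
    if off != -1 and len(data) > VIRUS_LEN:
        return "suspect", off
    # Marker elsewhere (or in a file too short to hold virus plus host): report
    # it, but treat it as a likely false positive such as a signature list.
    off = data.find(MARKER)
    if off != -1:
        return "marker-outside-prefix", off
    return "clean", -1

def scan_tree(root: str) -> list[tuple[str, str, int]]:
    """Classify every .COM file under root; return only the non-clean results."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.upper().endswith(".COM"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                verdict, off = classify(fh.read())
            if verdict != "clean":
                hits.append((path, verdict, off))
    return sorted(hits)

# Constructed samples (not real virus code): filler bytes plus the marker string.
HOST = b"\xb4\x4c\xcd\x21"  # stand-in host: mov ah,4Ch / int 21h (terminate)
SAMPLE_PREPENDED = b"\x90" * 300 + MARKER + b"\x90" * (VIRUS_LEN - 305) + HOST
SAMPLE_TEXT = b"\x90" * 1000 + MARKER + HOST
SAMPLE_CLEAN = HOST * 50

if __name__ == "__main__":
    for label, blob in [("prepended", SAMPLE_PREPENDED),
                        ("text", SAMPLE_TEXT), ("clean", SAMPLE_CLEAN)]:
        print(label, classify(blob))
```

A "suspect" verdict is only a string-and-offset match; confirm it with one of the scanners listed under Detection Method before deleting the file.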