Virus Name: It
V Status: Rare
Discovered: August, 1992
Symptoms: .COM & .EXE growth
Eff Length: 454 Bytes
Type Code: PNCK - Parasitic Non-Resident .COM Infector
Detection Method: ViruScan, F-Prot, Sweep, NAV, IBMAV,
AVTK, NAVDX, VAlert, PCScan, ChAV,
NShld, Sweep/N, NAV/N, NProt, AVTK/N, IBMAV/N, Innoc,
Removal Instructions: Delete infected files
The It virus was isolated in Mexico in August, 1992. This virus
is a non-resident direct action infector of .COM programs, including
When a program infected with the It virus is executed, this virus
will infect one previously uninfected .COM program located in the
current directory. Once it has completed infecting all .COM
programs in the current directory, it will start infecting .COM
programs located on the system path. Infected programs will have
a file length increase of 454 bytes with the virus being located at
the end of the infected program. The file's date and time in the
DOS disk directory listing will not be altered. The following text
string can be found within the viral code in all It infected
"(C) ITV85020203 PATH=*.COM"
It doesn't appear to do anything besides replicate.
Known variant(s) of It are:
It-457: Received from Mexico in September, 1992, It-457 is a
457 byte variant of the It virus described above. This
variant is functionally very similar to the original
virus, the major difference being that It-457 adds 457
bytes to the .COM programs it infects. The same text
strings are found in this variant as the original virus.
Origin: Mexico September, 1992.
Viva Mexico: Discovered in Morelia City, Mexico, in December
1992, Viva Mexico is a 449 byte variant of the It virus.
This variant infects one .COM file in the current directory
each time an infected program is executed. Infected
programs will have a file length increase of 449 bytes with
the virus being located at the end of the file. The
program's date and time in the DOS disk directory listing
will not appear to be altered, but the seconds field will
have been set to "60". The following text is visible within
the viral code in all Viva Mexico infected programs:
Viva Mexico activates when an infected program is executed
on September 16th, Mexico's Independence Day. At that time,
the following message will be displayed on the system
monitor and the program the user was attempting to execute
Origin: Mexico December, 1992.