Itti Virus

 Virus Name:  Itti 
 Aliases:     Itti-A 
 V Status:    Viron 
 Discovered:  April, 1992 
 Symptoms:    .COM file corruption; boot failures; "EXEC failure" message; 
              system hangs 
 Origin:      Unknown 
 Eff Length:  161 Bytes 
 Type Code:   ONCK - Overwriting Non-Resident .COM Infector 
 Detection Method:  F-Prot, Sweep, ViruScan, AVTK, ChAV, 
                    IBMAV, NAV, NAVDX, VAlert, PCScan, 
                    NShld, Sweep/N, LProt, Innoc, NProt, AVTK/N, IBMAV/N, 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Itti virus was received in April, 1992.  Its origin is unknown. 
       Itti is a non-resident overwriting virus which infects .COM 
       programs, including COMMAND.COM. 
       When a program infected with Itti is executed, the Itti virus will 
       infect one .COM program located in the current directory by over- 
       writing the host program's first 161 bytes.  There will be no 
       change to the file's length unless it was originally smaller than 
       161 bytes.  In the case of .COM files smaller than 161 bytes, their 
       length becomes 161 bytes.  There will be no change to the file's 
       date and time in the DOS disk directory listing. 
       Once the Itti virus has completed infecting a file, it will display 
       the following message and return the user to the DOS prompt: 
               "EXEC failure" 
       The above message, plus the text string "*.COM", can be found in 
       the first 161 bytes of infected programs. 
       Systems infected with the Itti virus will experience boot failures 
       if the copy of COMMAND.COM located in the root directory of the 
       bootable partition of the hard disk becomes infected.  System 
       hangs will occur if the Itti virus cannot find an uninfected .COM 
       program to infect. 
       Known variant(s) of Itti are: 
       Itti-B: A 99 byte variant of Itti, this variant does not 
               display the "EXEC failure" message, and the message is not 
               contained within the viral code.  Infected programs will 
               have their file date and time in the DOS disk directory 
               updated to the system date and time when infection 
               Origin:  Unknown  April, 1992 

Show viruses from discovered during that infect .

Main Page