Virus Name: Jasmine
V Status: Viron
Discovery: January, 1995
Symptoms: .EXE files altered; file date/time/changes; message;
.EXE file corruption
Eff Length: 269 Bytes Overwriting
Type Code: ONE - Overwriting Non-Resident .EXE Infector
Detection Method: F-Prot, AVTK, IBMAV, ViruScan, Sweep, NAVDX, VAlert,
NAV, PCScan, ChAV,
AVTK/N, IBMAV/N, NShld, Sweep/N, NProt, NAV/N, LProt,
Removal Instructions: Delete infected files
The Jasmine virus was received in January, 1995. Its origin or
point of isolation is unknown. Jasmine is a non-resident, direct
action overwriting virus which permanently corrupts the .EXE
files it infects.
When a program infected with the Jasmine virus is executed, this
virus will infect the first three .EXE files located in the
current directory, and then display the following message and
return the user to the DOS prompt:
"The Jasmine Virus is loose, better protect your computer.Beware!
There now it works! [JD]"
Files infected with the Jasmine virus will have the first 269 bytes
overwritten with the Jasmine viral code, thus permanently corrupting
the host program. The file's date and time in the DOS disk directory
listing will have been updated to the current system date and time
when infection occurred. In addition to the text string indicated
above as the virus' message, the following additional text strings
can be found within the viral code in all infected files:
"Admiral Bailey [YAM]"
Programs infected with the Jasmine virus cannot be disinfected.
They should be deleted and replaced with uninfected copies.