Jerusalem 1767 Virus

 Virus Name:  Jerusalem 1767 
 V Status:    Research 
 Discovered:  October, 1991 (submitted) 
 Symptoms:    TSR; .EXE & .COM growth 
 Origin:      New Zealand 
 Eff Length:  1,767 - 1,779 Bytes 
 Type Code:   PRsAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  F-Prot, ViruScan, AVTK, Sweep, ChAV, 
                    IBMAV, NAV, NAVDX, VAlert, PCScan, 
                    NShld, Sweep/N, Innoc, NProt, AVTK/N, IBMAV/N, LProt, 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Jerusalem 1767 virus was received in October, 1991 from Dr. 
       Henry Wolfe of New Zealand whom indicated that he has had this virus 
       on a diskette for over one year.  The original source of the virus 
       is unknown.  Jerusalem 1767 is a variant of the Jerusalem virus, 
       with some characteristic changes in its behavior. 
       The first time a program infected with Jerusalem 1767 is executed, 
       this virus will install itself memory resident as a low system 
       memory TSR of 2,048 bytes, hooking interrupts 08 and 21. 
       Once Jerusalem 1767 is memory resident, it will infect .COM and .EXE 
       programs when they are executed.  If COMMAND.COM is executed, it 
       will also become infected. 
       Infected .COM programs increase in size by 1,767 bytes with the virus 
       being located at the beginning of the infected file.  The exception 
       is that COMMAND.COM will be infected with the virus being at the end 
       of the file. 
       Infected .EXE programs increase in size by 1,767 to 1,779 bytes with 
       the virus being located at the end of the infected file.  .EXE 
       programs will not be reinfected by this Jerusalem related virus. 
       In both cases, there will be no change to the file's date and time 
       in the DOS disk directory.  Two text strings can be found within the 
       viral code, the first being the infection marker for infected files: 
               "** INFECTED BY FRIDAY 13th **" 
       Jerusalem 1767 does not exhibit the typical Jerusalem / Jerusalem B 
       "black box" after being memory resident for 30 minutes.  A system 
       slowdown also does not occur. 
       See:   Jerusalem 

Show viruses from discovered during that infect .

Main Page