JoJo Virus


 Virus Name:  JoJo 
 Aliases: 
 V Status:    Rare 
 Discovered:  May, 1990 
 Symptoms:    .COM growth; system hangs; graphic screen display 
 Origin:      Israel 
 Eff Length:  1,701 Bytes 
 Type Code:   PRaC - Parasitic Resident .COM Infector 
 Detection Method:  ViruScan, F-Prot, NAV, AVTK, Sweep, IBMAV, 
                    NAVDX, VAlert, PCScan, ChAV, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  F-Prot, or delete infected files 
 
 General Comments: 
       The JoJo virus was discovered in Israel in May, 1990.  The virus' 
       name comes from a message within the viral code: 
 
          "Welcome to the JOJO Virus." 
 
       One other message appears within the virus, indicating that it was 
       written in 1990.  This message is: "Fuck the system (c) - 1990". 
       Neither message within the viral code is ever displayed.
 
       When the first file infected with the JoJo virus is executed on a 
       system, the virus will install itself memory resident.  The method 
       used is to alter the command interpreter in memory, expanding its 
       size.  As an example, on my test system, the command interpreter in 
       memory increased in size from 3,536 bytes to 5,504 bytes.  One block 
       of 48 bytes is also reserved in available free memory.  The change 
       in free memory will be a net decrease of 2,048 bytes. 
 
       The JoJo virus will not infect files if interrupt 13 is in use by 
       any other program.  Instead the virus will clear the screen, and the 
       system will be hung.  If the user performs a warm reboot 
       (CTRL-ALT-DEL), the virus will remain in memory. 
 
       Once the virus is able to become memory resident with interrupt 13 
       hooked, any .COM file executed will be infected by the virus. 
       Infected files will increase in length by 1,701 bytes. 
 
       JoJo is based on the Cascade virus, though it does not make use of 
       the encryption mechanism in Cascade. 
 
       JoJo produces a screen display of multicolored diamonds when it 
       activates.  Activation will occur on graphic displays when an 
       infected program is executed after JoJo is memory resident. 
 
       Known variant(s) of JoJo are: 
       JoJo-B: A minor variant of the JoJo virus, JoJo-B's encryption 
               has been slightly modified. 
               Origin:  Unknown  July, 1992. 
       JoJo-C: Received in November, 1993, JoJo-C is another minor 
               variant of the virus which has been altered to avoid 
               being detected by a particular anti-viral program.  It is 
               not believed to be in the public domain. 
               Origin:  Unknown  November, 1993. 
 
       See:   Cascade   Cascade-B   JoJo 2 
