JoJo 2 Virus


 Virus Name:  JoJo 2 
 Aliases: 
 V Status:    Rare 
 Discovered:  January, 1991 
 Symptoms:    .COM growth; message; "Not enough memory" errors; system 
              hangs; cursor position off 1 character 
 Origin:      United States 
 Eff Length:  1,703 Bytes 
 Type Code:   PRaCK - Parasitic Resident .COM Infector 
 Detection Method:  ViruScan, AVTK, F-Prot, Sweep, IBMAV, 
                    NAV, NAVDX, VAlert, PCScan, ChAV, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The JoJo 2 virus was submitted in January, 1991, by David Grant of 
       the United States.  This virus is based on the JoJo virus as well as 
       containing part of the decryption string for the Cascade virus.  It 
       is a memory resident infector of .COM files, including COMMAND.COM. 
 
       The first time a program infected with the JoJo 2 virus is executed, 
       the virus will install itself memory resident by altering the 
       command interpreter in memory.  The command interpreter in memory 
       will have a size increase of 1,904 bytes.  There is an additional 48 
       bytes which is reserved by the virus as well, similar to JoJo. 
 
       Once the virus is memory resident, it will infect .COM files as they 
       are executed.  If COMMAND.COM is executed for any reason, it will 
       become infected.  Infected .COM programs will have a file size 
       increase of 1,703 bytes with the virus being located at the end of 
       the infected file. 
 
       Text strings which can be found in files infected with the JoJo 2 
       virus are: 
 
               "The JOJO virus strikes again.xxxxxxxxxxxx zzz" 
               "Fuck the system 1990 - (c)" 
               "141$FLu" 
 
       Systems infected with the JoJo 2 virus may experience system hangs 
       when some infected programs are executed.  Infected programs may 
       also display the "Fuck the system 1990 - (c)" string, or a string of 
       garbage characters from memory.  Attempts to execute some programs 
       may also fail due to "Not enough memory" errors.  Lastly, after the 
       virus has been resident for awhile, the user may notice that the 
       cursor on the system monitor is off by one position to the right 
       from where it should be. 
 
       JoJo 2 may be detected by some anti-viral utilities as an infection 
       of JoJo and Cascade/1701/1704. 
 
       See:   JoJo 

Show viruses from discovered during that infect .

Main Page