Joker-1602 Virus


 Virus Name:  Joker-1602 
 Aliases:    
 V Status:    Rare 
 Discovered:  March, 1993 
 Symptoms:    .COM file growth; system hangs; directory appears to be empty; 
              display of message or jumbled characters with beeping; 
              file date/time changes 
 Origin:      Unknown 
 Eff Length:  1,602 Bytes 
 Type Code:   PRaCK - Parasitic Resident .COM Infector 
 Detection Method:  Sweep, AVTK, ViruScan, F-Prot, IBMAV, 
                    NAV, NAVDX, VAlert, PCScan, ChAV, 
                    Sweep/N, NShld, NProt, AVTK/N, IBMAV/N, Innoc, NAV/N, 
                    LProt 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Joker-1602 virus was submitted in March, 1993.  Its origin or 
       point of isolation is unknown.  Joker-1602 is a memory resident 
       infector of .COM programs, including COMMAND.COM. 
 
       When the first Joker-1602 infected program is executed, this virus 
       will install itself memory resident in available free memory, hooking 
       interrupts 25, B4, B6, B8, BA, and BB.  Total system and available 
       free memory, as indicated by the DOS CHKDSK program, will not be 
       altered. 
 
       Once memory resident, Joker-1602 will infect .COM programs when they 
       are executed.  Infected programs will have a file length increase of 
       1,602 bytes with the virus being located at the end of the file.  The 
       program's date and time in the DOS disk directory listing will have 
       been updated to the current system date and time when infection 
       occurred.  The following text strings are encrypted within the 
       Joker-1602 viral code: 
 
               "I'm hungry! Insert PIZZA & BEER into drive A: and" 
               "Strike any key when ready..." 
               "Abort, Retry, Ignore, Fail?" 
               "Fail on INT 24" 
               "Impotence error reading user's dick" 
               "Program too big to fit in memory" 
               "Cannot load COMMAND, system halted" 
               "I'm sorry, Dave.... but I'm afraid I can't do that!" 
               "Format another? (Y/N)?" 
               "Damn it! I told you not to touch that!" 
               "Suck me!" 
               "Cocksucker At Keyboard error reading device CON:" 
               "I'm sorry, but your call cannot be completed as dialed." 
               "Please hang up & try your call again." 
               "No!" 
               "Panic kernal mode interrupt" 
               "CONNECT 1200." 
               "Okey, okay! Be patient!..." 
               "And if I refuse?" 
               "Fuck the world and its followers!" 
               "You are pathetic, man... you know that?" 
 
       Systems infected with Joker-1602 will experience frequent system 
       hangs.  If the user attempts to boot the system with an infected 
       copy of COMMAND.COM, issuing a DOS DIR command will result in only 
       COMMAND.COM being listed as present in the directory.  Additionally, 
       the display of one of the above messages or garbled characters 
       accompanied by beeping may occur.

Show viruses from discovered during that infect .

Main Page