Virus Name: Joker-1602
V Status: Rare
Discovered: March, 1993
Symptoms: .COM file growth; system hangs; directory appears to be empty;
display of message or jumbled characters with beeping;
file date/time changes
Eff Length: 1,602 Bytes
Type Code: PRaCK - Parasitic Resident .COM Infector
Detection Method: Sweep, AVTK, ViruScan, F-Prot, IBMAV,
NAV, NAVDX, VAlert, PCScan, ChAV,
Sweep/N, NShld, NProt, AVTK/N, IBMAV/N, Innoc, NAV/N,
Removal Instructions: Delete infected files
The Joker-1602 virus was submitted in March, 1993. Its origin or
point of isolation is unknown. Joker-1602 is a memory resident
infector of .COM programs, including COMMAND.COM.
When the first Joker-1602 infected program is executed, this virus
will install itself memory resident in available free memory, hooking
interrupts 25, B4, B6, B8, BA, and BB. Total system and available
free memory, as indicated by the DOS CHKDSK program, will not be
Once memory resident, Joker-1602 will infect .COM programs when they
are executed. Infected programs will have a file length increase of
1,602 bytes with the virus being located at the end of the file. The
program's date and time in the DOS disk directory listing will have
been updated to the current system date and time when infection
occurred. The following text strings are encrypted within the
Joker-1602 viral code:
"I'm hungry! Insert PIZZA & BEER into drive A: and"
"Strike any key when ready..."
"Abort, Retry, Ignore, Fail?"
"Fail on INT 24"
"Impotence error reading user's dick"
"Program too big to fit in memory"
"Cannot load COMMAND, system halted"
"I'm sorry, Dave.... but I'm afraid I can't do that!"
"Format another? (Y/N)?"
"Damn it! I told you not to touch that!"
"Cocksucker At Keyboard error reading device CON:"
"I'm sorry, but your call cannot be completed as dialed."
"Please hang up & try your call again."
"Panic kernal mode interrupt"
"Okey, okay! Be patient!..."
"And if I refuse?"
"Fuck the world and its followers!"
"You are pathetic, man... you know that?"
Systems infected with Joker-1602 will experience frequent system
hangs. If the user attempts to boot the system with an infected
copy of COMMAND.COM, issuing a DOS DIR command will result in only
COMMAND.COM being listed as present in the directory. Additionally,
the display of one of the above messages or garbled characters
accompanied by beeping may occur.