Virus Name: Jolter
V Status: New
Discovered: July, 1995
Symptoms: .COM & .EXE growth; file date/time seconds = "62";
decrease in available free memory
Eff Length: 2,197 Bytes
Type Code: PRhAK - Parasitic Resident .COM & .EXE Infector
Detection Method: AVTK, VAlert, NAV, NAVDX, IBMAV, ViruScan, F-Prot,
NAV/N, IBMAV/N, NShld, AVTK/N, Innoc
Removal Instructions: Delete infected files
The Jolter or Jolter.2197 virus was recieved in July, 1995. Its
origin or point of isolation is unknown. Jolter is a memory
resident fast infector of .COM and .EXE programs, including
When the first Jolter infected program is executed, this virus will
install itself memory resident at the top of system memory but
below the 640K DOS boundary, hooking interrupts 1C and 21.
Available free memory, as indicated by the DOS CHKDSK program from
DOS 5.0, will have decreased by approximately 10,256 bytes.
Interrupt 12's return will not have been moved.
Once the Jolter virus is memory resident, it will infect .COM and
.EXE files when they are executed or opened, but not on copy.
Infected programs will have a file length increase of 2,197 bytes
with the virus being located at the end of the file. The program's
date and time in the DOS disk directory listing will not appear to
have been altered, though the seconds field will have been set to
"62". The following text strings are encrypted within the viral
"COMMAND.COM COMMAND EXECOM"
"*.COM *.EXE IBMJOLTER 4.0MZ"
It is unknown what the Jolter virus may do besides replicate.