Jolter Virus
Virus Name: Jolter
Aliases: Jolter.2197
V Status: New
Discovered: July, 1995
Symptoms: .COM & .EXE growth; file date/time seconds = "62";
decrease in available free memory
Origin: Unknown
Eff Length: 2,197 Bytes
Type Code: PRhAK - Parasitic Resident .COM & .EXE Infector
Detection Method: AVTK, VAlert, NAV, NAVDX, IBMAV, ViruScan, F-Prot, ChAV,
NAV/N, IBMAV/N, NShld, AVTK/N, Innoc
Removal Instructions: Delete infected files
General Comments:
The Jolter or Jolter.2197 virus was received in July, 1995. Its
origin or point of isolation is unknown. Jolter is a memory
resident fast infector of .COM and .EXE programs, including
COMMAND.COM.
When the first Jolter-infected program is executed, this virus will
install itself memory resident at the top of system memory but
below the 640K DOS boundary, hooking interrupts 1C and 21.
Available free memory, as indicated by the DOS CHKDSK program from
DOS 5.0, will have decreased by approximately 10,256 bytes.
Interrupt 12's return will not have been moved.
Once the Jolter virus is memory resident, it will infect .COM and
.EXE files when they are executed or opened, but not on copy.
Infected programs will have a file length increase of 2,197 bytes
with the virus being located at the end of the file. The program's
date and time in the DOS disk directory listing will not appear to
have been altered, though the seconds field will have been set to
"62". The following text strings are encrypted within the viral
code:
"ARJBSACHKDIEICELHAPKLPKZRAR"
"COMMAND.COM COMMAND EXECOM"
"*.COM *.EXE IBMJOLTER 4.0MZ"
It is unknown what the Jolter virus may do besides replicate.
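
The seconds value of "62" described above can be checked directly in FAT directory entries: the 5-bit seconds field stores seconds/2, and a normal clock write only produces 0-29 there. The following Python sketch is an added example, not part of the original entry; the sample directory bytes and file names are constructed, and a hit indicates a tampered timestamp on a .COM/.EXE file rather than Jolter specifically.

```python
import struct

INFECTABLE_EXTS = {b"COM", b"EXE"}  # file types the entry says Jolter infects
MARKER_SECONDS = 62                 # seconds value given in the entry

def decode_dos_time(word):
    """Split a 16-bit FAT time word into (hour, minute, second)."""
    return (word >> 11) & 0x1F, (word >> 5) & 0x3F, (word & 0x1F) * 2

def scan_directory(raw):
    """Return [(filename, size)] for .COM/.EXE entries stamped with 62 seconds."""
    hits = []
    for off in range(0, len(raw) - 31, 32):
        entry = raw[off:off + 32]
        if entry[0] == 0x00:                 # end-of-directory marker
            break
        attr = entry[11]
        if entry[0] == 0xE5 or attr & 0x18:  # deleted, volume label/LFN, or subdirectory
            continue
        ext = entry[8:11]
        time_word, = struct.unpack_from("<H", entry, 22)
        size, = struct.unpack_from("<I", entry, 28)
        if ext in INFECTABLE_EXTS and decode_dos_time(time_word)[2] == MARKER_SECONDS:
            name = entry[0:8].decode("ascii", "replace").rstrip()
            hits.append((f"{name}.{ext.decode('ascii')}", size))
    return hits

def make_entry(name, ext, h, m, s, size, attr=0x20):
    """Build a constructed 32-byte directory entry (demo data only)."""
    time_word = (h << 11) | (m << 5) | (s // 2)
    return struct.pack("<8s3sB10sHHHI", name.ljust(8).encode(), ext.encode(),
                       attr, b"\0" * 10, time_word, 0x1EE1, 2, size)

# Constructed sample directory: two marked executables, one clean executable,
# one marked non-executable, one deleted entry, then the end marker.
SAMPLE = b"".join([
    make_entry("CLEAN", "EXE", 9, 15, 30, 12000),
    make_entry("HOST", "COM", 12, 0, 62, 5000),
    make_entry("NOTES", "TXT", 12, 0, 62, 300),
    b"\xe5" + make_entry("GONE", "COM", 12, 0, 62, 4000)[1:],
    make_entry("DEMO", "EXE", 23, 59, 62, 20000),
    b"\0" * 32,
])

if __name__ == "__main__":
    for fname, fsize in scan_directory(SAMPLE):
        print(f"{fname}: seconds field = 62, size {fsize} bytes")
```

A flagged file's size includes the 2,197-byte growth described above, so comparing it against a known-clean copy of the same program is the natural follow-up check.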