K-4C Virus


 Virus Name:  K-4C 
 Aliases: 
 V Status:    Rare 
 Discovered:  June, 1993 
 Symptoms:    .COM file growth 
 Origin:      Sweden or The Netherlands 
 Eff Length:  737 Bytes 
 Type Code:   PRfCK - Parasitic Resident .COM Infector 
 Detection Method:  F-Prot, ViruScan, IBMAV, Sweep, AVTK, NAV, 
                    NAVDX, VAlert, PCScan, ChAV, 
                    NShld, Sweep/N, NProt, AVTK/N, IBMAV/N, Innoc, NAV/N, 
                    LProt 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The K-4C virus was submitted in June, 1993, and is from either 
       Sweden or The Netherlands.  K-4C is a memory resident virus, though 
       it infects via direct action.  The memory resident portion of the 
       virus contains some code to make it resistant to the use of debuggers 
       to analyse the virus. 
 
       When the first K-4C virus infected program is executed, the K-4C 
       virus will install some code in available free memory, hooking 
       interrupt 03.  This code is not used for the virus to replicate, but 
       rather to thwart analysing the virus.  The virus will then infect up 
       to five .COM files in the current directory.  Later, when the user 
       executes another K-4C infected program, the code is not reinstalled 
       in memory, but up to five more .COM programs are infected.  The virus 
       will not infect more than sixteen files in a given directory. 
 
       Programs infected with the K-4C virus will have a file length 
       increase of 737 bytes with the virus being located at the end of 
       the file.  The program's date and time will not be altered.  The 
       following text strings are encrypted within the K-4C virus: 
 
               "K-4C VIRUS by Köhntark*.COM" 
               "????????COM" 
 
       K-4C is a later version of the K-4B virus. 
 
       See:   K-4B   Kohntark 
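
An added example, not part of the original entry: a baseline comparison that flags .COM files showing the symptoms described above (growth of exactly 737 bytes with an unchanged date and time). The function names and the dummy files are constructed for illustration; no virus code is involved.

```python
import os
import tempfile

K4C_GROWTH = 737  # effective length reported in this entry

def snapshot(directory):
    """Map each .COM file name in `directory` to (size, mtime_ns)."""
    snap = {}
    for entry in os.scandir(directory):
        if entry.is_file() and entry.name.upper().endswith(".COM"):
            st = entry.stat()
            snap[entry.name] = (st.st_size, st.st_mtime_ns)
    return snap

def find_suspects(baseline, current, growth=K4C_GROWTH):
    """Files that grew by exactly `growth` bytes while keeping their timestamp."""
    suspects = []
    for name, (old_size, old_mtime) in baseline.items():
        if name not in current:
            continue
        new_size, new_mtime = current[name]
        if new_size - old_size == growth and new_mtime == old_mtime:
            suspects.append(name)
    return sorted(suspects)

def demo():
    """Constructed sample: three dummy .COM files in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("A.COM", "B.COM", "C.COM"):
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"\x90" * 1000)
        baseline = snapshot(d)
        # A.COM: grows by 737 bytes and the old timestamp is put back.
        path_a = os.path.join(d, "A.COM")
        with open(path_a, "ab") as f:
            f.write(b"\x00" * K4C_GROWTH)
        os.utime(path_a, ns=(baseline["A.COM"][1],) * 2)
        # B.COM: same growth, but the timestamp moves (an ordinary update).
        path_b = os.path.join(d, "B.COM")
        with open(path_b, "ab") as f:
            f.write(b"\x00" * K4C_GROWTH)
        os.utime(path_b, ns=(baseline["B.COM"][1] + 60 * 10**9,) * 2)
        # C.COM is left untouched.
        return find_suspects(baseline, snapshot(d))

if __name__ == "__main__":
    print(demo())
```

A match is only a lead for scanning with one of the listed detection products, since an unrelated change could produce the same size difference.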
