KeyKap Virus

 Virus Name:  KeyKap 
 Aliases:     KeyKap.1074, Spawn 
 V Status:    New 
 Discovered:  January, 1995 
 Symptoms:    .COM files created; .BAT files may hang system when run; 
              decrease in available free memory (DOS 5.0) 
 Origin:      Unknown 
 Eff Length:  1,074 Bytes 
 Type Code:   SRhE - Spawning/Companion Resident .EXE Infector 
 Detection Method:  F-Prot, AVTK, IBMAV, ViruScan, Sweep, NAV, NAVDX, 
                    VAlert, PCScan, ChAV, 
                    AVTK/N, IBMAV/N, NShld, Sweep/N, NProt, NAV/N, LProt, 
                    Innoc 4.0+ 
 Removal Instructions:  Delete hidden companion .COM files 
 General Comments: 
       The KeyKap, KeyKap.1074 or Spawn, virus was received in January, 
       1995.  Its origin or point of isolation is unknown.  KeyKap is a 
       memory resident companion or spawning virus which infects .EXE 
       files by creating a hidden companion .COM file. 
       When the first KeyKap infected program is executed, this virus 
       will install itself memory resident at the top of system memory 
       but below the 640K DOS boundary, hooking interrupts 09, 13, and 21. 
       Total system and available free memory, as indicated by the 
       DOS CHKDSK program, will have decreased by 3,072 bytes. 
       Once the KeyKap virus is memory resident, it will infect .EXE files 
       when they are executed by creating a companion, hidden .COM file 
       of 1,074 bytes.  The .EXE files will not be altered, the companion 
       .COM files contain the viral code.  The companion .COM files are 
       1,074 bytes in length and have the current system date and time in 
       the DOS disk directory.  They are not visible in a DOS disk 
       directory listing as the Hidden attribute has been set.  The 
       following text string can be found within the viral code in the 
       companion .COM files: 
               "KKV.90 KeyKapture Virus v0.90 [Hellspawn-II] (c) 1994 
                by Stormbringer [PS]" 
       Systems infected with this virus may hang when .BAT files are 
       Known variant(s) of KeyKap are: 
       KeyKap.1077: Also received in January, 1995, this is a 1,077 
           byte variant of the KeyKap virus described above.  Its hidden 
           .COM files are 1,077 bytes in size.  It contains the same 
           text string as the original virus. 
              Origin:  Unknown  January, 1995. 

Show viruses from discovered during that infect .

Main Page