Kipa Virus


 Virus Name:  Kipa 
 Aliases:    
 V Status:    New 
 Discovered:  January, 1995 
 Symptoms:    .COM & .EXE growth; 
              decrease in available free memory (DOS 5.0) 
 Origin:      USSR 
 Eff Length:  1,084 - 1,098 Bytes 
 Type Code:   PRhAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  F-Prot, AVTK, IBMAV, Sweep, ViruScan, 
                    NAV, NAVDX, VAlert, PCScan, ChAV, 
                    AVTK/N, IBMAV/N, Sweep/N, NShld, NAV/N, Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Kipa virus was received in January, 1995.  It appears to be 
       from Moscow.  Kipa is a memory resident infector of .COM and .EXE 
       files, including COMMAND.COM. 
 
       When the first Kipa infected program is executed, this virus will 
       install itself memory resident at the top of system memory but below 
       the 640K DOS boundary, not moving interrupt 12's return.  Available 
       free memory, as indicated by the DOS 5.0 CHKDSK program, will have 
       decreased by approximately 2,064 bytes.  Interrupt 21 will be hooked 
       by the virus in memory. 
 
       Once the Kipa virus is memory resident, it will infect .COM and .EXE 
       files, including COMMAND.COM, when they are executed.  Infected 
       programs will have a file length increase of 1,084 to 1,098 bytes 
       with the virus being located at the end of the file.  The file's 
       date and time in the DOS disk directory listing will not be altered. 
       The following text string is visible within the viral code in all 
       Kipa infected programs: 
 
               "The KIPA new Version 3.1 copyright (c) 1993 by 
                Sergey Hacker,Moscow;15 years old" 
 
       It is unknown what Kipa may do besides replicate.

Show viruses from discovered during that infect .

Main Page