Legozz Virus


 Virus Name:  Legozz 
 Aliases:     Legozz.1000 
 V Status:    New 
 Discovered:  July, 1995 
 Symptoms:    .COM & .EXE growth; decrease in available free memory 
 Origin:      Unknown 
 Eff Length:  1,000 Bytes 
 Type Code:   PRhAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method: F-Prot, AVTK, Sweep, NAV, NAVDX, ViruScan, IBMAV, 
                   PCScan, ChAV, 
                   Sweep/N, NAV/N, AVTK/N, NProt, IBMAV/N, NShld, Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Legozz virus was received in July, 1995.  Its origin or point of 
       isolation is unknown.  Legozz is a memory resident infector of .COM 
       and .EXE files, including COMMAND.COM. 
 
       When the first Legozz infected program is executed, this virus will 
       install itself memory resident at the top of system memory but 
       below the 640K DOS boundary, not moving interrupt 12's return. 
       Available free memory, as indicated by the DOS CHKDSK program from 
       DOS 5.0, will have decreased by 5,632 bytes.  Interrupt 21 will be 
       hooked by the virus in memory. 
 
       Once the Legozz virus is memory resident, it will infect .COM and 
       .EXE files, including COMMAND.COM, when they are executed.  Infected 
       programs will have a file length increase of 1,000 bytes with the 
       virus being located at the end of the file.  The program's date and 
       time in the DOS disk directory listing will not be altered.  The 
       following text strings are encrypted within the viral code: 
 
           "Szetszedtem a geped! Rakd ossze, LEGO-zz!" 
           "LEGO virus" 
           "MESTER (C) 1995" 
 
       It is unknown what the Legozz virus may do besides replicate.

Show viruses from discovered during that infect .

Main Page