Leningrad II Virus

 Virus Name:  Leningrad II 
 Aliases:     Leningrad II.2000.A 
 V Status:    Rare 
 Discovered:  April, 1994 
 Symptoms:    .COM file growth; 
              decrease in total system & available free memory 
 Origin:      USSR 
 Eff Length:  2,000 Bytes 
 Type Code:   PRhCK - Parasitic Resident .COM Infector 
 Detection Method:  F-Prot, Sweep, IBMAV, AVTK, ViruScan, NAV, 
                    NAVDX, VAlert, ChAV, PCScan, 
                    AVTK/N, Sweep/N, IBMAV/N, Innoc, NProt, NShld, NAV/N, 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Leningrad II virus was submitted in April, 1994, and appears to 
       be from the USSR.  Leningrad II is a memory resident infector of 
       .COM programs, including COMMAND.COM. 
       When the first Leningrad II infected program is executed, this virus 
       will install itself memory resident at the top of system memory but 
       below the 640K DOS boundary, not moving interrupt 12's return.  Total 
       system and available free memory, as indicated by the DOS CHKDSK 
       program, will have decreased by 4,096 bytes.  Interrupts 1C and 21 
       will be hooked by the virus in memory. 
       Once memory resident, the Leningrad II virus will infect .COM 
       programs when they are executed.  Infected programs will have a file 
       length increase of 2,000 bytes with the virus being located at the 
       end of the file.  The program's date and time in the DOS disk 
       directory listing will not be altered.  The following text string is 
       repeated many times within the viral code: 
       It is unknown what Leningrad II does besides replicate. 
       Known variant(s) of Leningrad II are: 
       Leningrad II.2000.B: Received in January, 1996, this is a minor 
           variant of the Leningrad II virus described above.  It will 
           occassionally play a tune when the virus is memory resident. 
           Origin:  Unknown  January, 1996. 
       See:   Sov 

Show viruses from discovered during that infect .

Main Page