Lucky7 Virus

 Virus Name:  Lucky7  
 V Status:    Viron 
 Discovered:  November, 1994 
 Symptoms:    .COM & .EXE files overwritten; file date/time changes; 
              message displayed; program corruption 
 Origin:      Unknown 
 Eff Length:  4,496 or 5,488 Bytes Overwriting 
 Type Code:   ONAK - Overwriting Non-Resident .COM & .EXE Infector 
 Detection Method:  Sweep, NAV, ViruScan, NAVDX, AVTK 7.68+, 
                    Sweep/N, NShld, NAV/N, AVTK/N 7.68+ 
 Removal Instructions:  Delete & replace infected programs 
 General Comments: 
       The Lucky7 virus was received in November, 1994.  Its origin or point 
       of isolation is unknown.  Lucky7 is a non-resident overwriting virus 
       which infects .COM and .EXE files, including COMMAND.COM. 
       When a program infected with the Lucky7 virus is executed, this 
       virus will infect all of the .EXE files located in the current 
       directory.  If all of the .EXE files were previously infected by the 
       virus, it will then infect all of the .COM files located in the 
       Infected .EXE files will have the first 4,496 bytes of the host file 
       overwritten by the Lucky7 viral code.  If the program was originally 
       smaller than 4,496 bytes, it will become 4,496 bytes.  Otherwise, no 
       file length increase will occur.  Infected .COM files will have 
       the first 5,488 bytes overwritten by the viral code, with files 
       originally smaller than 5,488 bytes becoming 5,488 bytes in length. 
       In both cases, the file's date and time in the DOS disk directory 
       listing will be changed to the current system date and time when 
       infection occurred.  The following text strings can be found within 
       the viral code in all infected programs: 
               "Program too big to fit in memory" 
               "Your clone is infected with "Lucky7"" 
               "Runtime error" 
       The first and fourth text strings indicated above may be displayed 
       by the virus when an infected program is executed.  The last text 
       string is from the compiler used by the author of the virus. 
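
The overwrite lengths and the embedded text described above can be combined into a simple triage check. The script below is an added example, not part of the original entry or of any listed scanner; it assumes the "Your clone is infected with" text is stored as plain ASCII, and its function names and sample files are constructed for illustration.

```python
import os
import tempfile

# Overwrite lengths stated in the entry, keyed by file extension.
OVERWRITE_LEN = {".exe": 4496, ".com": 5488}
# Assumption: the text is stored as plain ASCII; only its unquoted part is matched.
MARKER = b"Your clone is infected with"

def check_file(path):
    """Return 'suspect', 'no-match', or None for files that are not .COM/.EXE."""
    length = OVERWRITE_LEN.get(os.path.splitext(path)[1].lower())
    if length is None:
        return None
    # An infected file is never shorter than the overwriting code.
    if os.path.getsize(path) < length:
        return "no-match"
    with open(path, "rb") as fh:
        head = fh.read(length)  # the viral code replaces the start of the host
    return "suspect" if MARKER in head else "no-match"

def scan_directory(directory):
    """Map each .COM/.EXE file name in the directory to its verdict."""
    results = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            verdict = check_file(path)
            if verdict is not None:
                results[name] = verdict
    return results

def build_sample_dir():
    """Write constructed sample files (inert filler bytes only) to a temp directory."""
    samples = {
        "GAME.EXE": MARKER.rjust(4496, b"\x00") + b"\x00" * 100,  # marker inside first 4,496 bytes
        "TOOL.COM": b"\x00" * 6000,         # long enough, no marker
        "TINY.EXE": MARKER + b"\x00" * 10,  # marker, but shorter than 4,496 bytes
        "NOTES.TXT": MARKER,                # not a .COM/.EXE file
    }
    directory = tempfile.mkdtemp()
    for name, data in samples.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(data)
    return directory

if __name__ == "__main__":
    for name, verdict in scan_directory(build_sample_dir()).items():
        print(f"{name}: {verdict}")
```

A file reported as suspect is handled as the entry's removal instructions state: delete it and replace it with a clean copy.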
