Magnitogorsk 2048 Virus


 Virus Name:  Magnitogorsk 2048 
 Aliases: 
 V Status:    Rare 
 Discovered:  May, 1991 
 Symptoms:    .COM & .EXE growth; decrease in total system and available 
              memory 
 Origin:      USSR 
 Eff Length:  2,048 Bytes 
 Type Code:   PRhAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  ViruScan, F-Prot, Sweep, AVTK, NAV, IBMAV, 
                    NAVDX, VAlert, PCScan, ChAV, 
                    NShld, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Magnitogorsk 2048 virus was submitted from Europe in May, 
       1991.  It is originally from the USSR.  Magnitogorsk 2048 is 
       a later version of the 2560 virus, and some anti-viral utilities 
       will detect it as 2560. 
 
       The first time a program infected with Magnitogorsk 2048 is 
       executed, the virus will install itself memory resident at the 
       top of system memory but below the 640K DOS boundary.  Total system 
       and available free memory, as measured by the DOS CHKDSK program, 
       will decrease by 4,160 bytes.  Interrupts 08, 13, 21, and 22 will 
       be hooked by the virus. 
 
       After Magnitogorsk 2048 is memory resident, it will infect .COM 
       and .EXE programs larger than approximately 2K when they are 
       opened or executed.  Infected programs will increase in size by 
       2,048 bytes with the virus being located at the end of the infected 
       program.  The program's date and time in the disk directory will 
       not be altered. 
 
       Magnitogorsk 2048 will also infect COMMAND.COM when it is opened 
       or executed.  In the case of COMMAND.COM, the infected program will 
       not have any file length increase as the virus will overwrite a 
       portion of COMMAND.COM's stack space. 
 
       Magnitogorsk 2048 is a stealth virus, as is 2560.  While these 
       viruses do not hide their file length increase, they do actively 
       use techniques to avoid detection by anti-viral utilities not 
       aware of them. 
 
       It is unknown if Magnitogorsk 2048 does anything besides replicate. 
 
       See:   2560 

Show viruses from discovered during that infect .

Main Page