Manzon Virus


 Virus Name:  Manzon 
 Aliases: 
 V Status:    New 
 Discovered:  January, 1996 
 Symptoms:    .COM & .EXE growth; file date/time changes; 
              decrease in available free memory 
 Origin:      Unknown 
 Eff Length:  1,430 - 1,484 Bytes (Approximate) 
 Type Code:   PRhAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method: AVTK, NAV, NAVDX, IBMAV, ViruScan, F-Prot, PCScan, 
                   ChAV, 
                   NAV/N, IBMAV/N, NShld, AVTK/N, Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Manzon virus was received in January, 1996.  Its origin or 
       point of isolation is unknown.  Manzon is a memory resident infector 
       of .COM and .EXE files, including COMMAND.COM. 
 
       When the first Manzon infected program is executed, this virus will 
       install itself memory resident at the top of system memory but below 
       the 640K DOS boundary, not moving interrupt 12's return.  Available 
       free memory, as indicated by the DOS CHKDSK program from DOS 5.0, 
       will have decreased by 1,744 bytes.  Interrupt 21 will be hooked by 
       the virus in memory. 
 
       Once the Manzon virus is memory resident, it will infect .COM and 
       .EXE files, including COMMAND.COM, when they are executed.  Infected 
       files will have a file length increase of approximately 1,430 to 
       1,484 bytes with the virus being located at the end of the file. 
       The program's date and time in the DOS disk directory listing will 
       have been updated to the current system date and time when infection 
       occurred.  The following text string is encrypted within the viral 
       code: 
 
           "MANZON (c) Sgg1F5PZ" 
 
       It is unknown what the Manzon virus may do besides replicate.

Show viruses from discovered during that infect .

Main Page