Virus Name: Manzon
V Status: New
Discovered: January, 1996
Symptoms: .COM & .EXE growth; file date/time changes;
decrease in available free memory
Eff Length: 1,430 - 1,484 Bytes (Approximate)
Type Code: PRhAK - Parasitic Resident .COM & .EXE Infector
Detection Method: AVTK, NAV, NAVDX, IBMAV, ViruScan, F-Prot, PCScan,
NAV/N, IBMAV/N, NShld, AVTK/N, Innoc 4.0+
Removal Instructions: Delete infected files
The Manzon virus was received in January, 1996. Its origin or
point of isolation is unknown. Manzon is a memory resident infector
of .COM and .EXE files, including COMMAND.COM.
When the first Manzon infected program is executed, this virus will
install itself memory resident at the top of system memory but below
the 640K DOS boundary, not moving interrupt 12's return. Available
free memory, as indicated by the DOS CHKDSK program from DOS 5.0,
will have decreased by 1,744 bytes. Interrupt 21 will be hooked by
the virus in memory.
Once the Manzon virus is memory resident, it will infect .COM and
.EXE files, including COMMAND.COM, when they are executed. Infected
files will have a file length increase of approximately 1,430 to
1,484 bytes with the virus being located at the end of the file.
The program's date and time in the DOS disk directory listing will
have been updated to the current system date and time when infection
occurred. The following text string is encrypted within the viral
"MANZON (c) Sgg1F5PZ"
It is unknown what the Manzon virus may do besides replicate.