Matura Virus

 Virus Name:  Matura 
 V Status:    Rare 
 Discovered:  December, 1992 
 Symptoms:    .COM file growth; unexpected accesses to C: drive 
 Origin:      Unknown 
 Eff Length:  549 Bytes 
 Type Code:   PNCK - Parasitic Non-Resident .COM Infector 
 Detection Method:  Sweep, AVTK, F-Prot, ViruScan, IBMAV, 
                    NAV, NAVDX, VAlert, PCScan, ChAV, 
                    NShld, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Matura virus was submitted in December, 1992.  Its origin or 
       point of isolation is unknown.  Matura is a non-resident, direct 
       action infector of .COM programs, including COMMAND.COM. 
       When a program infected with the Matura virus is executed, the 
       Matura virus will infect one .COM program on the current drive, 
       and one program on the C: drive.  Infected programs will have a 
       file length increase of 549 bytes with the virus being located at 
       the end of the file.  The program's date and time in the DOS disk 
       directory listing will not be altered.  The following text string 
       can be found in all Matura infected programs: 
       It is unknown what Matura does when it activates, but it does 
       contain some destructive code. 
       Known variant(s) of Matura are: 
       Matura 92: Based on the Matura virus described above, this 
                  is a memory resident variant.  It becomes memory resident 
                  at the top of system memory but below the 640K DOS 
                  boundary, taking up 1,776 bytes, and hooking interrupt 
                  21.  Once resident, it infects .COM and .EXE programs, 
                  including COMMAND.COM, when they are executed or opened. 
                  With the exception of COMMAND.COM, infected programs 
                  increase in size by 1,626 to 1,641 bytes with the virus 
                  being located at the end of the file.  In the case of 
                  COMMAND.COM, there is no increase in file length as the 
                  virus overwrites a portion of the hex "00" slack area. 
                  No change in the DOS disk directory file date and time 
                  occurs on infected files.  The following text strings 
                  are visible within the viral code in all infected programs: 
                  Origin:  Unknown  September, 1993. 

Show viruses from discovered during that infect .

Main Page