Virus Name: MindRiot
V Status: Viron
Discovered: December, 1992
Symptoms: .EXE files overwritten; program corruption
Eff Length: 814 Bytes Overwriting
Type Code: ONE - Overwriting Non-Resident .EXE Infector
Detection Method: AVTK, IBMAV, ViruScan, F-Prot, Sweep,
NAV, NAVDX, VAlert, PCScan, ChAV,
LProt, NShld, Sweep/N, Innoc, AVTK/N, NAV/N, IBMAV/N,
Removal Instructions: Delete infected files
The MindRiot virus was submitted in December, 1992. Its origin or
point of isolation is unknown. MindRiot is a non-resident, direct
action overwriting virus which infects .EXE programs.
When a program infected with the MindRiot virus is executed, the
MindRiot virus check to see if current directory is a root directory.
If it is, the virus will not infect anything, and the user will be
returned to the DOS prompt. If the current directory is not the
current drive's root directory, the virus will infect one .EXE file
in the current directory.
Programs infected with the MindRiot virus will have the first 814
bytes of the host program overwritten by the MindRiot viral code.
The programs will not increase in size unless they were originally
smaller than 814 bytes, in which case they will become 814 bytes in
length. The program's date and time in the DOS disk directory
listing will not be altered. The following text strings are
encrypted within the MindRiot viral code:
"* *.EXE *.* \"
"If You Think You Saw A Part Of Your Source Code In This
You're Probably Right!"
"When Making This I Used Pieces From Other Sources...
heheh...What Can I Say?"
"I'm A Pirate At Heart!"
Programs infected with the MindRiot virus are permanently corrupted,
and should be replaced with clean, uninfected copies.
Known variant(s) of MindRiot are:
MindRiot-B: Received in October, 1993, MindRiot-B is a 907 byte
variant of the MindRiot virus described above. It over-
writes the first 907 bytes of host .EXE files. The
following text strings are encrypted within the viral code:
"* *.EXE *.* \"
"YAM 92 -Mind Riot Strain B- LiCl"
"The Mind Riot - Strain B -LiCl"
"Howrya: Mr. M, Nap, N.S, S.M, Displ, Lov, Otto, A.B, K.P"
"Whatsup: RABID, SKISM, SAC, CPI, Etc, Etc."
"Middle Finger To: McAffee"
MindRiot-B only infects files located in a subdirectory
on the system hard disk. System hangs may occur when
infected programs are executed.
Origin: Unknown October, 1993.