Multi 1.1 Virus

 Virus Name:  Multi 1.1 
 V Status:    Rare 
 Discovered:  March, 1993 
 Symptoms:    .COM & .EXE growth; 
              decrease in total system & available free memory 
 Origin:      Unknown 
 Eff Length:  2,560 Bytes 
 Type Code:   PRhAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  AVTK, F-Prot, Sweep, ViruScan, IBMAV, 
                    NAV, NAVDX, VAlert, PCScan, ChAV, 
                    Sweep/N, Innoc, NShld, AVTK/N, NAV/N, NProt, IBMAV/N, 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Multi 1.1 virus was submitted in March, 1993.  Its origin or 
       point of isolation is unknown, but it may be from the USSR.  Multi 
       1.1 is a memory resident stealth virus which infect .COM and .EXE 
       programs, including COMMAND.COM. 
       When the first Multi 1.1 infected program is executed, the Multi 1.1 
       virus will install itself memory resident at the top of system 
       memory but below the 640K DOS boundary, hooking interrupt 24.  Total 
       system and available free memory, as indicated by the DOS CHKDSK 
       program, will have decreased by 2,608 bytes.  Interrupt 12's return 
       will not have been moved. 
       Once the Multi 1.1 virus is memory resident, it will infect .COM and 
       .EXE programs when they are executed or opened for any reason. 
       Infected programs will have a file length increase of 2,560 bytes, 
       though the file length increase will be hidden when the virus is 
       resident in memory.  The virus is located at the end of infected 
       files.  The program's date and time in the DOS disk directory listing 
       will not be altered.  The following text string is visible within 
       the viral code in Multi 1.1 infected files when the virus is not 
       resident in memory: 
               "MultiVirus(R), Release 1.1, Copyright (c) 1990-92 by" 
       Multi 1.1 is a full stealth virus, and disinfects programs as they 
       are read into memory.  As such, anti-viral CRC and checksumming 
       programs may not be able to detect its presence on the system. 

Show viruses from discovered during that infect .

Main Page