Albanian Virus

 Virus Name:  Albanian 
 V Status:    Rare 
 Discovery:   May, 1992 
 Symptoms:    .COM & .EXE file growth; file date/time altered; decrease in 
              total system and available free memory 
 Origin:      Unknown 
 Eff Length:  1,991 Bytes 
 Type Code:   PRhAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  ViruScan, AVTK, Sweep, F-Prot, IBMAV, 
                    NAV, NAVDX, VAlert, PCScan, ChAV, 
                    NShld, Sweep/N, AVTK/N, NProt, NAV/N, IBMAV/N, Innoc, 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Albanian virus was received in May, 1991.  Its origin is 
       unknown.  Albanian is a memory resident infector of .COM and .EXE 
       programs, including COMMAND.COM. 
       When the first program infected with the Albanian virus is executed, 
       the Albanian virus will install itself memory resident at the top of 
       system memory but below the 640K DOS boundary.  It does not move 
       interrupt 12's return.  Total system and available free memory, as 
       measured by the DOS CHKDSK program, will have decreased by 2,000 
       bytes.  Interrupts 08, 17, and 21 will be hooked by Albanian in 
       memory.  Also at this time, the virus will infect COMMAND.COM if it 
       was not previously infected. 
       Once the Albanian virus is memory resident, it will infect .COM and 
       .EXE programs when they are executed or opened for any reason. 
       Infected programs will have a file length increase of 1,991 bytes 
       with the virus being located at the end of the file.  The program's 
       date and time in the DOS disk directory listing will have been 
       updated to 12/17/89 7:21p.  The following text strings can be 
       found within the viral code in infected programs: 
       It is unknown what Albanian does besides replicate. 

Show viruses from discovered during that infect .

Main Page