Munich Virus


 Virus Name:  Munich 
 Aliases:    
 V Status:    Rare 
 Discovered:  March, 1992 
 Symptoms:    .COM file growth; system hangs; boot failure; messages 
 Origin:      Germany 
 Eff Length:  2,355 - 2,370 Bytes 
 Type Code:   PNCK - Parasitic Non-Resident .COM Infector 
 Detection Method:  ViruScan, AVTK, F-Prot, IBMAV, NAV, 
                    Sweep, NAVDX, VAlert, PCScan, ChAV, 
                    NShld, Sweep/N, LProt, Innoc, NProt, AVTK/N, IBMAV/N, 
                    NAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Munich virus was isolated in Germany in March, 1992.  Munich 
       is a non-resident, direct action infector of .COM programs, 
       including COMMAND.COM. 
 
       When a program infected with the Munich virus is executed, the 
       virus will infect two .COM programs located in the current 
       directory.  Infected programs will have a file length increase 
       of 2,355 to 2,370 bytes with the virus being located at the end 
       of the program.  The file's date and time in the DOS disk 
       directory listing will not be altered.  Munich is an encrypted 
       virus and no text strings are visible within the viral code in 
       infected programs. 
 
       The Munich virus will display fake error messages when infected 
       programs are executed and system hangs may occur.  Once COMMAND.COM 
       has become infected, the system will fail to boot.  Some of the 
       messages displayed by the Munich virus are: 
 
           "System crashed by unauthorized access, explosion DANGER!!!" 
           "Warning: some memory segments have been overwritten!" 
           "ROM error at F000:0188 during low RMA, please 
            contact your system engineer or local dealer - system halted" 
           "Unrecoverable system error, system halted" 
           "Udvozli Ont a Munnich Ferenc Tarsasag!"

Show viruses from discovered during that infect .

Main Page