Virus Name: Munich
V Status: Rare
Discovered: March, 1992
Symptoms: .COM file growth; system hangs; boot failure; messages
Eff Length: 2,355 - 2,370 Bytes
Type Code: PNCK - Parasitic Non-Resident .COM Infector
Detection Method: ViruScan, AVTK, F-Prot, IBMAV, NAV,
Sweep, NAVDX, VAlert, PCScan, ChAV,
NShld, Sweep/N, LProt, Innoc, NProt, AVTK/N, IBMAV/N,
Removal Instructions: Delete infected files
The Munich virus was isolated in Germany in March, 1992. Munich
is a non-resident, direct action infector of .COM programs,
When a program infected with the Munich virus is executed, the
virus will infect two .COM programs located in the current
directory. Infected programs will have a file length increase
of 2,355 to 2,370 bytes with the virus being located at the end
of the program. The file's date and time in the DOS disk
directory listing will not be altered. Munich is an encrypted
virus and no text strings are visible within the viral code in
The Munich virus will display fake error messages when infected
programs are executed and system hangs may occur. Once COMMAND.COM
has become infected, the system will fail to boot. Some of the
messages displayed by the Munich virus are:
"System crashed by unauthorized access, explosion DANGER!!!"
"Warning: some memory segments have been overwritten!"
"ROM error at F000:0188 during low RMA, please
contact your system engineer or local dealer - system halted"
"Unrecoverable system error, system halted"
"Udvozli Ont a Munnich Ferenc Tarsasag!"