Ninja Virus

 Virus Name:  Ninja 
 V Status:    Rare 
 Discovered:  October, 1992 
 Symptoms:    .COM & .EXE file growth; decrease in total system & available 
              free memory 
 Origin:      USSR 
 Eff Length:  1,546 - 1,634 Bytes 
 Type Code:   PRhA - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  F-Prot, ViruScan, Sweep, AVTK, IBMAV, 
                    NAV, NAVDX, VAlert, PCScan, ChAV, 
                    NShld, Sweep/N, NProt, AVTK/N, LProt, NAV/N, IBMAV/N, 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Ninja virus was submitted in October, 1992.  It is originally 
       from the USSR.  Ninja is a memory resident infector of .COM and 
       .EXE programs, but not COMMAND.COM.  It spreads quickly, infecting 
       programs when they are executed or opened for any reason. 
       The first time a program infected with the Ninja virus is executed, 
       the Ninja virus will install itself memory resident at the top of 
       system memory but below the 640K DOS boundary.  Total system and 
       available free memory, as indicated by the DOS CHKDSK program, will 
       have decreased by 1,408 bytes.  Interrupt 21 will be hooked by 
       Ninja in memory. 
       Once memory resident, the Ninja virus will infect .COM and .EXE 
       programs when they are executed or opened for any reason.  Infected 
       .COM programs will have a file length increase of 1,634 bytes.  .EXE 
       programs will increase in size by 1,548 bytes.  In both cases, the 
       virus will be located at the end of the file.  The program's date 
       and time in the DOS disk directory listing will not be altered.  The 
       following text strings are encrypted within the viral code, and thus 
       not visible in infected programs: 
               "Mutant Ninja  Version 2.0 (C) 1990,91 Virus&Worm Software" 
       It is unknown what Ninja may do besides replicate. 

Show viruses from discovered during that infect .

Main Page