Ondra Virus

 Virus Name:  Ondra 
 Aliases:     4915 
 V Status:    Viron 
 Discovered:  May, 1992 
 Symptoms:    .EXE programs overwritten; program corruption; access to 
              unexpected hangs; system hangs 
 Origin:      Unknown 
 Eff Length:  5,000 Bytes 
 Type Code:   ONE - Overwriting Non-Resident .EXE Infector 
 Detection Method:  AVTK, ViruScan, F-Prot, Sweep, NAV, NAVDX, VAlert, 
                    PCScan, ChAV, 
                    NShld, Sweep/N, Innoc, AVTK/N, NAV/N, NProt, LProt 
 Removal Instructions:  Delete infected files 
 General Comments: 
       The Ondra virus was submitted in May, 1992.  Its origin is unknown. 
       Ondra is a non-resident direct action overwriting virus which 
       infects .EXE programs. 
       When a program infected with the Ondra virus is executed, the 
       Ondra virus will infect all .EXE programs larger than approximately 
       5,000 bytes located in the current directory.  Once the virus has 
       completed infecting the programs in the current directory, it will 
       start infecting programs on the B: drive.  If the B: drive contains 
       a write-protected diskette, it will retry writing to the drive 
       indefinitely.  Once the virus has completed infecting programs, 
       the user will be returned to the DOS prompt. 
       Programs infected with the Ondra virus will have no file length 
       increase, but rather will be completely overwritten with the viral 
       code and some of the contents of system memory.  The file's date 
       and time in the DOS disk directory listing will not be altered. 
       The following text strings can be found within the viral code in 
       all Ondra infected programs: 
               "Invalid environment" 
               "Runtime error" 
       Systems infected with the Ondra virus will have .EXE programs fail 
       to execute properly, and system hangs may frequently occur. 
       Known variant(s) of Ondra are: 
       Ondra-B: Received in July, 1992, this variant is a variant 
                of Ondra described above.  It infects one .EXE program 
                each time an infected program is executed.  Infected 
                programs will be completely overwritten, though the 
                viral code is contained in the first 4,915 bytes of 
                the file.  It contains the same text strings as the 
                original virus. 
                Origin:  Unknown  July, 1992. 

Show viruses from discovered during that infect .

Main Page