Viper Virus


 Virus Name:  Viper 
 Aliases:     Viper Dropper 
 V Status:    Viron 
 Discovered:  January, 1992 
 Symptoms:    .COM & .EXE files overwritten; programs fail to execute; 
              message 
 Origin:      Australia 
 Eff Length:  840 Bytes 
 Type Code:   ONAK - Overwriting Non-Resident .COM & .EXE Infector 
 Detection Method:  ViruScan, F-Prot, Sweep, AVTK, IBMAV, 
                    NAV, NAVDX, VAlert, PCScan, ChAV, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Viper Virus was submitted in January, 1992.  It is originally 
       from Australia.  Viper is a non-resident, direct action infector 
       of .COM and .EXE programs.  It also infects COMMAND.COM. 
 
       When a program infected with Viper is executed, the Viper virus 
       will infect up to four programs in the current directory.  .EXE 
       programs will be selected first, and then .COM programs.  Infected 
       files will have the first 840 bytes overwritten with the Viper 
       virus.  Unless the file's pre-infection length was less than 840 
       bytes, there will be no change to the file's length in the DOS 
       disk directory listing.  Programs which were originally less than 
       840 bytes in length will now be 840 bytes in length.  There will be 
       no text strings visible in infected files as Viper is encrypted. 
 
       Once all of the .COM and .EXE programs in the current directory 
       have been infected with Viper, the execution of the next infected 
       program will result in the following message being displayed, and 
       the user returned to the DOS prompt: 
 
               "-/\-] S.C.P. [-/\- 
                Welcome, you have just joined the SCP Wasted 
                Victims club!, yep thats right.. your've got 
                the ViPER-I virus!  and Lord Venom wont even 
                charge you for it!. NO CRIPPLE WAREZ HERE!!! 
               |--------------------------------------------| 
                Copyright by Lord Venom & S.C.P. Australia 
 
       Known variant(s) of Viper are: 
       Viper Dropper: The original submitted sample of the Viper 
                      virus, this copy is completely unencrypted. 
       Wiggers: Based on the Viper virus described above, Wiggers is 
            a 666 byte variant which infects four .EXE or .COM files 
            each time an infected program is executed.  Infected 
            programs will have the first 666 bytes overwritten by the 
            Wiggers viral code.  The Wiggers virus will display one of 
             the following messages when an infected program is executed, 
            usually occurring with a system hang: 
            "We Have Noticed That Wiggers Seem To Have Take Over The High 
             School Scene.  If You See One, Please Hit Him With Your Car!" 
            "Program too big to fit in memory" 
            The text string from the first message above, along with the 
            following additional text string, is encrypted within the 
            virus: 
            "*.EXE *.COM .." 
            Origin:  Unknown  April, 1993.     
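
An added example, not part of the original entry: because overwriting the first 840 bytes (666 for Wiggers) usually leaves the directory size unchanged, a size-only baseline misses the change. This Python check keeps separate digests of a file's head and tail and flags the pattern described above; the function names and sample bytes are constructed for illustration.

```python
import hashlib

VIPER_PREFIX = 840    # bytes overwritten by Viper, per the entry above
WIGGERS_PREFIX = 666  # bytes overwritten by the Wiggers variant


def fingerprint(data: bytes, prefix: int = VIPER_PREFIX) -> dict:
    """Baseline record: size plus separate digests of head and tail."""
    return {
        "size": len(data),
        "head": hashlib.sha256(data[:prefix]).hexdigest(),
        "tail": hashlib.sha256(data[prefix:]).hexdigest(),
    }


def classify(baseline: dict, data: bytes, prefix: int = VIPER_PREFIX) -> str:
    """Compare current bytes with a baseline taken with the same prefix."""
    now = fingerprint(data, prefix)
    if now == baseline:
        return "unchanged"
    head_changed = now["head"] != baseline["head"]
    if baseline["size"] >= prefix:
        # Same length, same tail, different head: the size-preserving case.
        if (head_changed and now["size"] == baseline["size"]
                and now["tail"] == baseline["tail"]):
            return "prefix-overwrite"
    elif head_changed and now["size"] == prefix:
        # A shorter file that is now exactly `prefix` bytes long.
        return "prefix-overwrite"
    return "modified"


def constructed_overwrite(data: bytes, prefix: int) -> bytes:
    """Constructed test data: filler bytes stand in for the overwritten head."""
    return b"\xAA" * prefix + data[prefix:]


if __name__ == "__main__":
    clean = bytes(range(256)) * 8          # constructed 2048-byte "program"
    small = b"\x90" * 300                  # constructed file shorter than 840
    for name, before, after in [
        ("same size", clean, constructed_overwrite(clean, VIPER_PREFIX)),
        ("short file", small, constructed_overwrite(small, VIPER_PREFIX)),
        ("appended", clean, clean + b"patch"),
    ]:
        print(name, len(before), len(after), classify(fingerprint(before), after))
```

A "prefix-overwrite" verdict means only that the change matches the overwrite pattern; it does not identify which program made it.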
  
