Virus Name: YONYU Virus Type: Boot Sector and Partition Infector Virus Length: None.
PC Vectors Hooked: INT 13h Executing Procedure: 1) Decreases 1K Bytes in total system memory when the system is booted from an infected disk. 2) It will load itself in the last 1K bytes of resident memory. 3) It then hooks INT 13h. 4) When you boot the machine as usual and you "READ and WRITE" to a file the YONYU virus will hook INT 13H and infect the diskette. Damage: None. Detecting Method: Decreases total memory size by 1K Bytes.
Note: 1) YONYU doesn't hook INT 24h when infecting files. It omits I/O errors (such as write protect).
Virus Name: Yan2505a Virus Type: EXE & COM File infector Virus Length: 2505 bytes Executing Procedure: 1) Checks whether it has remained resident in memory. If not, it will stay resident in high memory. 2) Then it hooks INT 21h and returns to the original routine. Vectors hooked: 1) Hooks INT 21H(AH=4Bh)to infect files. 2) First, it will hang INT 24h to prevent divulging its trace when writing. 3) If the program to be executed is an uninfected COM or EXE file, the virus proceeds to infect it. Damage: None Detecting Method: Infected file sizes increase by 2505 bytes.
Other Name: YANK-44A
Virus Type: File Type Virus
Virus Length: Approximately, 2880 bytes.
Virus Memory Type:
INT Vector Hooked: Int 21
Trigger Condition:
Triggers if time is 5:00 pm of any day. Plays a part of the song:
"Jack and Jill."
Run Directly: Loads virus code to high memory.
Infection Procedure:
Loads itself to high memory. Allocates 3008 bytes in memory. Moves 2880 bytes to memory. Infects *.COM and *.EXE files. Copies virus code to host program. Loads the virus first before running the host program.