334

Virus Name: 334

Virus Type: File Infector Virus (infects .COM files)

Virus Length: 334 bytes (.COM)


PC Vectors Hooked: None

Executing Procedure:

1) Searches for a .COM file in the current directory.

2) Once it locates a .COM file it checks to see whether it has been infected by 334. If the file has been infected, it continues to search for an uninfected .COM file.

3) It infects uninfected files one at a time.

4) Finally, it executes the original file.

Damage: None

Detection Method: Infected file size will increase by 334 bytes.


Note:

1) Doesn't stay resident in memory.

2) 334 doesn't hook INT 24h when infecting files. An error message appears if an I/O error (such as write protect) occurs.


302

Virus Name: 302

Virus Type: Highest Memory Resident, File Infector Virus (infects .COM files).

Virus Length: 302 bytes (COM)

PC Vectors Hooked: INT 21h (AX=4B00h) (execute program), INT 24h

Executing Procedure:

1) The virus first determines whether it is already resident in memory. If it's not, it then loads itself into resident memory by hooking INT 21h.

2) Next, it executes the original file.

3) After loading itself into resident memory it will infect any uninfected file that is executed. (It doesn't infect .EXE files.)

Damage: None.

Detection Method: Infected files increase by 302 bytes.

Note: The 302 virus hooks INT 24h when infecting files. It omits I/O errors (such as write protect).


3584

Virus Name: 3584

Other Names: Fish 6

Virus Type: Parasitic Virus, Memory resident

Virus Length: 3584 bytes

Symptoms: Increases infected file size by 3584 bytes. Decreases the size of free RAM memory by 6KB.

Damage: Virus displays the message "FISH VIRUS #6 - EACH DIFF BONN 2/90 '~knzyvo}'" on the screen using function 9 of interrupt 21h and halts the computer using instruction HLT.


330


Virus Name: 330

Virus Type: COM File infector

Virus Length: 330 bytes

Executing Procedure: Virus searches for an uninfected .COM file on the current directory and infects it. (It infects only one file at a time.) The virus will then check to see if the current month is July. If it is, the message "[330] by ICE-9" appears.

Damage: None

Note:

1) It does not remain resident in memory.
2) You will see an error message when writing because INT 24h has not been hanged.

Detecting Method: Infected file size increases by 330 bytes.