578

Virus Name: 578

Virus Type: Memory Resident, File Infector Virus (infects .COM files).

Virus Length: 578 bytes (COM)

PC Vectors Hooked: INT 21h (AX=4B00h) (execute program)

Infecting Procedure:

1) The virus checks to see whether it is already loaded resident in memory. If not, it loads itself into resident memory by hooking INT 21h.

2)  Next, it executes the original file.

3) After loading itself into resident memory it will infect any uninfected file that is executed. (It doesn't infect .EXE files.)

4) The virus will then check the system date. If is later than April 3, the virus will destroy all data on A:, display a tri-colored flag and the message "ITALY IS THE BEST COUNTRY IN THE WORLD" on the screen.

Damage: If the system date is later than April 3, the virus will destroy all data on A:.

Detection Method: Infected COM files increase in size by 578 bytes.

Note: 578 doesn't hook INT 24h when infecting files. An error message appears if an I/O error (such as write protect) occurs.


5LO

Virus Name: 5LO

Virus Type: Memory Resident, File Infector Virus (infects .EXE files).

Virus Length: 1125--1140 Bytes (EXE)

PC Vectors Hooked: INT 21h (AX=4B00h) (execute program)

Infecting Procedure:

1) The virus checks to see if it is already loaded resident in memory. If not, it loads itself into resident memory by hooking INT 21h.

2) Next, it executes the original file.

3) After loading itself into resident memory it will infect any uninfected file that is executed. It doesn't infect .COM files.Damage: None.

Detection Method: Infected .EXE files increase in size by 1125-1140 bytes.

Note: The 5LO virus doesn't hook INT 24h when infecting files. An error message appears if an I/O error (such as write protect) occurs.


512

Virus Name: 512

Virus Type: File Infector Virus

Virus Length: 512 bytes

Symptoms: None

Executing Procedure: The virus does not contain any damage routine, but its spreading mechanism presents a great danger to the infected file. The beginning is saved outside the file in free space in the allocated cluster. When such a program is copied, this part is not copied with the rest of the file, causing the original program to be destroyed.

Other manifested problems to files: When an infected file is read with the virus already in the memory, it tests as a virus flag only for the time of the last modification (62 seconds) and not the actual file content. The same virus flag is used by viruses 648 and 1560 and some users have their programs "immunized" against virus 648. The result is that the nonsense data which lies at the end of an infected file will be read rather than the actual file content.


534

Virus Name: 534

Virus Type: Parasitic Virus

Virus Length: 534 bytes

Symptoms: Virus infects .COM files in the current directory or root directory that are longer than 256 bytes and shorter than 64000 bytes. Increases infected file size by 534 bytes and the file contains the string "????????.COM".


555

Virus Name: 555

Alias Name: Dutch 555, Quit-199

Virus Type: File Virus

VirusLength: 555 bytes

Description: This virus infects *.COM and *.EXE files, as well as COMMAND.COM.

When an infected file is executed, the virus installs itself into memory. Total available memory will have decreased by 560 bytes.

Once the virus is resident in memory, it will infect *.COM and *.EXE files as they are executed. Infected files will increase in size by 555 bytes, with the virus being located at the end of the infected file. Infected files will have their date and time records updated to the date and time the infection occurred.