Virus Name: 334 Virus Type: File Infector Virus (infects .COM files) Virus Length: 334 bytes (.COM) PC Vectors Hooked: None Executing Procedure:
1) Searches for a .COM file in the current directory.
2) Once it locates a .COM file it checks to see whether it has been infected by 334. If the file has been infected, it continues to search for an uninfected .COM file.
3) It infects uninfected files one at a time.
4) Finally, it executes the original file. Damage: None Detection Method: Infected file size will increase by 334 bytes. Note:
1) Doesn't stay resident in memory.
2) 334 doesn't hook INT 24h when infecting files. An error message appears if an I/O error (such as write protect) occurs.
Virus Name: 302 Virus Type: Highest Memory Resident, File Infector Virus (infects .COM files). Virus Length: 302 bytes (COM) PC Vectors Hooked: INT 21h (AX=4B00h) (execute program), INT 24h Executing Procedure:
1) The virus first determines whether it is already resident in memory. If it's not, it then loads itself into resident memory by hooking INT 21h.
2) Next, it executes the original file.
3) After loading itself into resident memory it will infect any uninfected file that is executed. (It doesn't infect .EXE files.) Damage: None. Detection Method: Infected files increase by 302 bytes. Note: The 302 virus hooks INT 24h when infecting files. It omits I/O errors (such as write protect).
Virus Name: 3584 Other Names: Fish 6 Virus Type: Parasitic Virus, Memory resident Virus Length: 3584 bytes Symptoms: Increases infected file size by 3584 bytes. Decreases the size of free RAM memory by 6KB. Damage: Virus displays the message "FISH VIRUS #6 - EACH DIFF BONN 2/90 '~knzyvo}'" on the screen using function 9 of interrupt 21h and halts the computer using instruction HLT.
Virus Name: 330 Virus Type: COM File infector Virus Length: 330 bytes Executing Procedure: Virus searches for an uninfected .COM file on the current directory and infects it. (It infects only one file at a time.) The virus will then check to see if the current month is July. If it is, the message "[330] by ICE-9" appears. Damage: None Note:
1) It does not remain resident in memory. 2) You will see an error message when writing because INT 24h has not been hanged. Detecting Method: Infected file size increases by 330 bytes.