408

Virus Name: 408

Virus Type: Memory Resident, File Infector Virus (infects .COM files)

Virus Length: 408 bytes (COM)

PC Vectors Hooked: INT 21h (AX=4B00h) (execute program)

Infecting Procedure:

1) The virus determines whether or not it is already loaded resident in memory. If it isn't, the virus loads itself into resident memory by hooking INT 21h.

2) Next, it executes the original file.

3) After loading itself into resident memory, it infects any uninfected file that is executed. It doesn't infect .EXE files.

Detection Method: Infected files increase by 408 bytes.

Note: The 408 virus doesn't hook INT 24h when infecting files. An error message appears if an I/O error (such as write protect) occurs.


492

Virus Name: 492

Other names: None

Virus Type: File Infector Virus

Virus Length: 492 bytes (COM)

Executing Procedure:

1) The virus determines whether it is already loaded resident in memory. If it isn't, it loads itself into resident memory by hooking INT 21h.

2) Next, it executes the original file.

3) After loading itself into resident memory, it infecst any uninfected file that is executed.

Damage: Virus will check the system date. If it is a Saturday and the 14th day of the month, the virus will erase all data on the hard disk.

Detection Method: Increases infected file size by 492 bytes.

Note: Loads itself as resident in memory. An error message appears if an I/O error (such as write protect) occurs.


4096

Virus Name: Virus 4096

Virus Type: File Infector Virus

Virus Length: 4096 bytes

Executing Procedure: A boot sector will be modified if the system date is later than September 21. The text "FRODO LIVES" will then appear on the screen after booting from a modified disk. The virus code is corrupted so that when you run the infected file after September 21, the system areas will not be modified, but the virus will cause the system to crash.

Damage: Virus infects .COM files shorter than 61440 bytes and .EXE files. As a flag virus, it increases the year in the file's time stamp by 100 years. (DOS reports only the last two digits, so it cannot be easily recognized when, for example, the "DIR" command is executed).

Detection Method: The virus increases infected file size by 4096 bytes. The operating memory is decreased by about 6 KB.


4915

Virus Name: 4915

Virus Type: EXE File Infector

Virus Length:

Executing Procedure: Searches for all uninfected .EXE files on the current A: directory and proceeds to infect them.

Damage: It will overwrite original files with a virus code. Original files are destroyed.

Note:

1) Does not stay in memory.
2) You will see an error message when writing because INT 24h has not been hanged.
3) This virus is written with an advanced language.


439

Virus Name: 439

Virus Type: COM File infector

Virus Length: 439 bytes

Executing Procedure: Virus checks  to see whether it has stayed resident in memory. If it hasn't, it will stay resident in high memory. Next, it hooks INT 21h and goes back to the original routine.

Vectors hooked: Hooks INT 21H(AH=4Bh) to infect files. First, it will hang INT 24h to prevent divulging its trace when writing. If the program to be executed is an uninfected .COM file, the virus proceeds to infect it.

Damage: None

Detection Method: Infected file size increases by 439 bytes.


4-A


Virus Name: 4-A

Virus Type: COM File infector

Virus Length: 450-460 bytes

Executing Procedure: Virus displays the following message: "-----Hello, I am virus ! -----". Virus then searches for an uninfected .COM file on current directory and infects it. It infects only one file at a time.

Damage: None

Note:

1) It does not stay resident in memory.
2) You will see an error message when writing because INT 24h has not been hanged.

Detection Method:

1) Infected files display above message when executed.
2) Infected file size increases by 450-460 bytes.