44 lines
1.9 KiB
Plaintext
44 lines
1.9 KiB
Plaintext
Virus-Spotlight: The Scitzo virus
|
|
---------------------------------
|
|
|
|
Virus Name: Scitzo
|
|
Aliases: Red-A
|
|
V Status: Ok
|
|
Discovery: Rebound's harddrive
|
|
Symptoms: COM and EXE files growth, decrease of available memory
|
|
Origin: Lund, Sweden
|
|
Eff Length: 1277 bytes, I think
|
|
Type Code: RPCE - Resident polymorphic COM/EXE infector
|
|
Detection Method: Most anti-virus programs can probably detect it by now
|
|
Removal Instructions: Format the harddrive! (quote: Mikael Larsson/VHC)
|
|
|
|
General Comments:
|
|
|
|
The scitzo virus was written in Lund, Sweden 1994, by someone calling
|
|
himself Red A. A person with a great sense of humour and programming
|
|
capabilities.
|
|
|
|
The first release of this virus was send out to atleast one major
|
|
bulletin-board-system located somewhere in Sweden. From this place
|
|
it was downloaded by a great number of loosers, that got their files
|
|
corrupted due to a slight bug in the infection-routine. This bug was
|
|
however fixed in the latter version.
|
|
|
|
Scitzo will install itself resident in the top of memory but below the
|
|
640 kb boundary, allocating enough space for itself. It's not shown
|
|
whenever a mem /c is performed, still mem and chkdsk will report the
|
|
loss of memory.
|
|
|
|
Whenever a file is executed, or opened (for any reason) the virus will
|
|
infect that file. The next time this program is executed, it will check
|
|
if it's already is resident, if so, it'll not go-up again, otherwise,
|
|
it'll load itself into the memory waiting to infect new targets. Either
|
|
way, it'll then let the original program execute normally. Making this
|
|
virus non-overwriting (duh).
|
|
|
|
Before the virus is about to close the (now) infected file, there is
|
|
a one percent that the virus will add 'I feel a little scitzo...' to
|
|
the end of the file. Otherwise, the Scitzo virus doesn't do anything
|
|
besides replicating.
|
|
|