VIRUS CHARACTERISTICS LIST V56 Copyright 1989, McAfee Associates 408 988 3832 The following list outlines the critical characteristics of the known IBM PC and compatible viruses. ========================================================================== Infects Fixed Disk Partition Table-------------------+ Infects Fixed Disk Boot Sector---------------------+ | Infects Floppy Diskette Boot --------------------+ | | Infects Overlay Files--------------------------+ | | | Infects EXE Files----------------------------+ | | | | Infects COM files--------------------------+ | | | | | Infects COMMAND.COM----------------------+ | | | | | | Virus Remains Resident-----------------+ | | | | | | | Virus Uses Self-Encryption-----------+ | | | | | | | | | | | | | | | | | | | | | | | | | | Increase in | | | | | | | | | Infected | | | | | | | | | Program's | | | | | | | | | Size | | | | | | | | | | | | | | | | | | | | Virus Disinfector V V V V V V V V V V Damage ----------------------------------------------------------------------------- Taiwan CleanUp . . . x . . . . . 708 p Chaos MDISK . x . . . . x x . N/A B,O,D,F Virus-90 CleanUp . x . x . . . . . 857 P Oropax CleanUp . x . x . . . . . 2773 P,O 4096 CleanUp . x x x x x . . . 4096 D,O,P,L Devil's Dance CleanUp . x . x . . . . . 941 D,O,P,L Amstrad CleanUp . . . x . . . . . 847 P Payday CleanUp . x . x x x . . . 1808 P Datacrime II-B CleanUp x . x x x . . . . 1917 P,F Sylvia/Holland CleanUp . x . x . . . . . 1332 p Do-Nothing CleanUp . . . x . . . . . 608 p Sunday CleanUp . x . x x x . . . 1636 O,P Lisbon CleanUp . . . x . . . . . 648 P Typo/Fumble CleanUp . x . x . . . . . 867 O,P Dbase CleanUp . x . x . . . . . 1864 D,O,P Ghost Boot Version MDISK . x . . . . x x . N/A B,O Ghost COM Version CleanUp . . . x . . . . . 2351 B,P New Jerusalem CleanUp . x . x x x . . . 1808 O,P Alabama CleanUp . x . . x . . . . 1560 O,P,L Yankee Doodle CleanUp . x . x x . . . . 2885 O,P 2930 CleanUp . x . x x . . . . 2930 P Ashar CleanUp . x . . . . x . . N/A B AIDS CleanUp . . . x . . . . . Overwrites Program Disk Killer CleanUp . x . . . . x x . N/A B,O,P,D,F 1536/Zero Bug CleanUp . x . x . . . . . 1536 O,P MIX1 CleanUp . x . . x . . . . 1618 O,P Dark Avenger CleanUp . x x x x x . . . 1800 O,P,L 3551/Syslock CleanUp x . . x x . . . . 3551 P,D VACSINA CleanUp . x . x x x . . . 1206 O,P Ohio MDISK . x . . . . x . . N/A B Typo (Boot Virus) MDISK . x . . . . x x . N/A O,B Swap/Israeli Boot MDISK . x . . . . x . . N/A B 1514/Datacrime II CleanUp x . . x x . . . . 1514 P,F Icelandic II CleanUp . x . . x . . . . 661 O,P Pentagon MDISK . . . . . . x . . N/A B 3066/Traceback M-3066 . x . x x . . . . 3066 P 1168/Datacrime-B CleanUp x . . x . . . . . 1168 P,F Icelandic CleanUp . x . . x . . . . 642 O,P Saratoga CleanUp . x . . x . . . . 632 O,P 405 CleanUp . . . x . . . . . Overwrites Program 1704 Format CleanUp x x . x . . . . . 1704 O,P,F Fu Manchu CleanUp . x . x x x . . . 2086 O,P 1280/Datacrime CleanUp x . . x . . . . . 1280 P,F 1701/Cascade CleanUp x x . x . . . . . 1701 O,P 1704/CASCADE-B CleanUp x x . x . . . . . 1704 O,P Stoned/Marijuana CleanUp . x . . . . x . x N/A O,B,L 1704/CASCADE CleanUp x x . x . . . . . 1704 O,P Ping Pong-B CleanUp . x . . . . x x . N/A O,B Den Zuk MDISK . x . . . . x . . N/A O,B Ping Pong CleanUp . x . . . . x . . N/A O,B Vienna-B CleanUp . . . x . . . . . 648 P Lehigh CleanUp . x x . . . . . . Overwrites P,F Vienna/648 M-VIENNA . . . x . . . . . 648 P Jerusalem-B CleanUp . x . x x x . . . 1808 O,P Yale/Alameda CleanUp . x . . . . x . . N/A B Friday 13th COM CleanUp . . . x . . . . . 512 P Jerusalem CleanUp . x . x x x . . . 1808 O,P SURIV03 CleanUp . x . x x x . . . O,P SURIV02 CleanUp . x . . x . . . . 1488 O,P SURIV01 CleanUp . x . x . . . . . 897 O,P Pakistani Brain CleanUp . x . . . . x . . N/A B Legend: Damage Fields - B - Corrupts or overwrites Boot Sector O - Affects system run-time operation P - Corrupts program or overlay files D - Corrupts data files F - Formats or erases all/part of disk L - Directly or indirectly corrupts file linkage Size Increase - The length, in bytes, by which an infected program or overlay file will increase Characteristics - x - Yes . - No Disinfectors - SCAN/D - VIRUSCAN with /D option SCAN/D/A - VIRUSCAN with /D and /A options MDISK/P - MDISK with "P" option All Others - The name of disinfecting program Note: The SCAN /D option will overwrite and then delete the entire infected program. The program must then be replaced from the original program diskette. If you wish to try and recover an infected program, then use the named disinfector if available. [3] Tfiles: (1-8,?,Q) :