VIRUS CHARACTERISTICS LIST V51 Copyright 1989, McAfee Associates 408 988 3832 The following list outlines the critical characteristics of the known IBM PC and compatible viruses. ========================================================================== Infects Fixed Disk Partition Table-------------------+ Infects Fixed Disk Boot Sector---------------------+ | Infects Floppy Diskette Boot --------------------+ | | Infects Overlay Files--------------------------+ | | | Infects EXE Files----------------------------+ | | | | Infects COM files--------------------------+ | | | | | Infects COMMAND.COM----------------------+ | | | | | | Virus Remains Resident-----------------+ | | | | | | | Virus Uses Self-Encryption-----------+ | | | | | | | | | | | | | | | | | | | | | | | | | | Increase in | | | | | | | | | Infected | | | | | | | | | Program's | | | | | | | | | Size | | | | | | | | | | | | | | | | | | | | Virus Disinfector V V V V V V V V V V Damage ----------------------------------------------------------------------------- Amstrad SCAN/D . . . x . . . . . 847 P Payday M-JRUSLM . x . x x x . . . 1808 P Datacrime II-B SCAN/D x . x x x . . . . 1917 P,F Sylvia/Holland SCAN/D . x . x . . . . . 1332 p Do-Nothing SCAN/D . . . x . . . . . 608 p Sunday SCAN/D . x . x x x . . . 1636 O,P Lisbon SCAN/D . . . x . . . . . 648 P Typo/Fumble SCAN/D . x . x . . . . . 867 O,P Dbase SCAN/D . x . x . . . . . 1864 D,O,P Ghost Boot Version MDISK . x . . . . x x . N/A B,O Ghost COM Version SCAN/D . . . x . . . . . 2351 B,P New Jerusalem M-JRUSLM . x . x x x . . . 1808 O,P Alabama SCAN/D . x . . x . . . . 1560 O,P,L Yankee Doodle SCAN/D . x . x x . . . . 2885 O,P 2930 SCAN/D . x . x x . . . . 2930 P Ashar MDISK . x . . . . x . . N/A B AIDS SCAN/D . . . x . . . . . Overwrites Program Disk Killer MDISK . x . . . . x x . N/A B,O,P,D,F 1536/Zero Bug SCAN/D . x . x . . . . . 1536 O,P MIX1 SCAN/D . x . . x . . . . 1618 O,P Dark Avenger M-DAV . x x x x x . . . 1800 O,P,L 3551/Syslock SCAN/D x . . x x . . . . 3551 P,D VACSINA SCAN/D/A . x . x x x . . . 1206 O,P Ohio MDISK . x . . . . x . . N/A B Typo (Boot Virus) MDISK . x . . . . x x . N/A O,B Swap/Israeli Boot MDISK . x . . . . x . . N/A B 1514/Datacrime II SCAN/D x . . x x . . . . 1514 P,F Icelandic II SCAN/D . x . . x . . . . 661 O,P Pentagon MDISK . . . . . . x . . N/A B 3066/Traceback M-3066 . x . x x . . . . 3066 P 1168/Datacrime-B SCAN/D x . . x . . . . . 1168 P,F Icelandic SCAN/D . x . . x . . . . 642 O,P Saratoga SCAN/D . x . . x . . . . 632 O,P 405 SCAN/D . . . x . . . . . Overwrites Program 1704 Format M-1704 x x . x . . . . . 1704 O,P,F Fu Manchu SCAN/D . x . x x x . . . 2086 O,P 1280/Datacrime SCAN/D x . . x . . . . . 1280 P,F 1701/Cascade M-1704 x x . x . . . . . 1701 O,P 1704/CASCADE-B M-1704 x x . x . . . . . 1704 O,P Stoned/Marijuana MDISK/P . x . . . . x . x N/A O,B,L 1704/CASCADE M-1704 x x . x . . . . . 1704 O,P Ping Pong-B MDISP . x . . . . x x . N/A O,B Den Zuk MDISK . x . . . . x . . N/A O,B Ping Pong MDISK . x . . . . x . . N/A O,B Vienna-B SCAN/D . . . x . . . . . 648 P Lehigh SCAN/D . x x . . . . . . Overwrites P,F Vienna/648 M-VIENNA . . . x . . . . . 648 P Jerusalem-B M-JRUSLM . x . x x x . . . 1808 O,P Yale/Alameda MDISK . x . . . . x . . N/A B Friday 13th COM SCAN/D . . . x . . . . . 512 P Jerusalem SCAN/D/A . x . x x x . . . 1808 O,P SURIV03 SCAN/D . x . x x x . . . O,P SURIV02 SCAN/D . x . . x . . . . 1488 O,P SURIV01 SCAN/D . x . x . . . . . 897 O,P Pakistani Brain MDISK . x . . . . x . . N/A B Legend: Damage Fields - B - Corrupts or overwrites Boot Sector O - Affects system run-time operation P - Corrupts program or overlay files D - Corrupts data files F - Formats or erases all/part of disk L - Directly or indirectly corrupts file linkage Size Increase - The length, in bytes, by which an infected program or overlay file will increase Characteristics - x - Yes . - No Disinfectors - SCAN/D - VIRUSCAN with /D option SCAN/D/A - VIRUSCAN with /D and /A options MDISK/P - MDISK with "P" option All Others - The name of disinfecting program Note: The SCAN /D option will overwrite and then delete the entire infected program. The program must then be replaced from the original program diskette. If you wish to try and recover an infected program, then use the named disinfector if available.