VIRUS CHARACTERISTICS LIST V66 Copyright 1989, McAfee Associates 408 988 3832 The following list outlines the major characteristics of the known IBM PC and compatible virus strains identified by SCAN. Beginning with version 63 of the list, we are including the number of known varieties of each strain. This number is listed in parenthesis beside the name of the strain. The total number of known viruses are summed at the end of the list. For version 66, and above, the Clean-Up virus I.D. code has been added in brackets. This was added to facilitate the use of SCAN shells and on-line virus help programs such as Virus Rescue. A column for "Stealth' viruses has also been added. ========================================================================== Infects Fixed Disk Partition Table-----------------------+ Infects Fixed Disk Boot Sector-------------------------+ | Infects Floppy Diskette Boot ------------------------+ | | Infects Overlay Files------------------------------+ | | | Infects EXE Files--------------------------------+ | | | | Infects COM files------------------------------+ | | | | | Infects COMMAND.COM--------------------------+ | | | | | | Virus Remains Resident---------------------+ | | | | | | | Virus Uses Self-Encryption---------------+ | | | | | | | | Virus Uses STEALTH Techniques----------+ | | | | | | | | | | | | | | | | | | | Increase in | | | | | | | | | | Infected | | | | | | | | | | Program's | | | | | | | | | | Size | | | | | | | | | | | | | | | | | | | | | | Virus Disinfector V V V V V V V V V V V Damage ----------------------------------------------------------------------------- Anthrax - Boot [Atx] M-Disk . . x . . . . . . x N/A O,P,D Anthrax - File [Atx] Clean-Up . . x x x x . . . . 1206 O,P,D 651 [651] Clean-Up . . x . x . . . . . 651 O,P,D TCC [TCC] Clean-Up . . . x x x x . . . 4909 O,P,D,L Leprosy Clean-Up . . x x x x x . . . Overwrites Mardi Bros. [Mardi] M-DISK . . x . . . . x x . N/A B,O 1253 - Boot [1253] M-DISK . . x . . . . x x x N/A O,P,D,L 1253 - COM [1253] Clean-Up . . x x x . . . . . 1253 O,P,D,L AirCop [AirCop] M-DISK . . x . . . . x . . N/A B,O 400 (5) [400] Clean-Up . . x . x . . . . . Vary O,P,D P1 (3) [P1r] Clean-Up . x x . x . . . . . Vary O,P,D,L Ontario [Ont] Clean-Up . x x x x x . . . . Vary O,P,D 1226 (3) [1226] Clean-Up . x x x x x x . . . 1226 O,P,D V2100 [2100] Clean-Up . . x . x x . . . . 2100 O,P,D,L Plastique (3) [P1q] Clean-Up . . x x x x x . . . 3012 O,P,D Wolfman [Wolf] Clean-Up . . x x x x . . . . 2064 O,P Doom2 [Dm2] Clean-Up . . x . x x . . . . 2504 O,P,D,L Flip [Flip] Clean-Up . x x x x x x . . . 2343 O,P,D,L Fellowship [Fellow] Clean-Up . . x . . x . . . . 1022 O,P,D,L Flash [Flash] Clean-Up . . x x x x . . . . 688 O,P,D,L 1008 [1008] Clean-Up . x x x x . . . . . 1008 O,P,D,L Stoned-II [Stoned] M-DISK . . x . . . . x . x N/A O,B,L Taiwan3 [T3] Clean-Up . . x x x x x . . . 2905 O,P,D,L Armagedon [Arma] Clean-Up . . x x x . . . . . 1079 O,P 1381 [1381] Clean-Up . . . . . x x . . . 1381 O,P Tiny (7) [Tiny] Clean-up . . . x x . . . . . 163 O,P Subliminal [Sub] Clean-Up . . x x x . . . . . 1496 O,P Sorry [Sorry] Clean-Up . . x x x . . . . . 731 O,P RedX [Redx] Clean-Up . . . x x . . . . . 796 O,P 1024 [1024] Clean-Up . . x x x . . . . . 1024 O,P Joshi [Joshi] M-DISK x . x . . . . x x x N/A B,O,D Microbes [Micro] M-DISK . . x . . . . x x . N/A B,O,D Print Screen [Prtscr] M-DISK . . x . . . . x x . N/A B,O,D Form [Form] M-DISK . . x . . . . x x . N/A B,O,D July 13th [J13] Clean-Up . x . . . x . . . . 1201 O,P,D,L 5120 (2) [5120] Clean-Up . . . x x x x . . . 5120 O,P,D,L Victor [Victor] Clean-Up . . x x x x x . . . 2458 P,D,L JoJo [JoJo] Clean-Up . . x . x . . . . . 1701 O,P W-13 (2) [W13] Clean-Up . . . . x . . . . . 532 O,P Slow [Slow] Clean-Up . x x . x x x . . . 1721 O,P,L Frere Jacques [Frere] Clean-Up . . x . x x x . . . 1811 O,P Liberty [Liberty] Clean-Up . . x x x x x . . . 2862 O,P Fish-6 [Fish] Clean-Up x x x x x x x . . . 3584 O,P,L Shake [Shake] Clean-Up . . x . x . . . . . 476 O,P Murphy [Murphy] Clean-Up . . x x x x x . . . 1277 O,P V800 [V800] Clean-Up x x x . x . . . . . none O,P,L Kennedy [Kennedy] Clean-Up . . x . x . . . . . 308 O,P 8 Tunes/1971 [1971] Clean-Up . . x . x x x . . . 1971 O,P Yankee - 2 [Doodle2] Clean-Up . . . . x x . . . . 1961 O,P June 16th [June16] Clean-Up . . . x x . . . . . 1726 F,O,P,L XA1 [XA1] Clean-Up . x . . x . . . . . 1539 F,O,P,L 1392 [1392] Clean-Up . . x x x x . . . . 1392 O,P,L 1210 [1210] Clean-Up . . x . x . . . . . 1210 O,P,L 1720 [1720] Clean-Up . . x . x x x . . . 1720 F,O,P,L Saturday 14th [Sat14] Clean-Up . . x . x x x . . . 685 F,O,P,L Korea (2) [Korea] M-DISK . . . . . . . x x . N/A B,O Vcomm (3) [Vcomm] Clean-Up . . . . . x . . . . 1074 O,P,L ItaVir [Ita] Clean-Up . . . . . x . . . . 3880 O,P,L,B Solano (2) [Solano] Clean-Up . . x . x . . . . . 2000 O,P,L V2000 (3) [2000] Clean-Up . . x x x x x . . . 2000 O,P,L 1559 [1559] SCAN/D . . x x x x . . . . 1554 O,P,L 512 (4) [512] SCAN/D x . x x x . . . . . none O,P,L EDV (2) [EDV] M-DISK x . x . . . . x x x N/A B,O Joker [Joke] Clean-Up . . x x x . . . . . O,P Icelandic-3 [Ice-3] Clean-Up . . x . . x . . . . 853 O,P Virus-101 [101] Clean-Up . x x x x x x x . . 2560 P 1260 [1260] Clean-Up . x . . x . . . . . 1260 P Perfume (2) [Fume] Clean-Up . . . . x . . . . . 765 P Taiwan (2) [Taiwan] Clean-Up . . . . x . . . . . 708 P Chaos [Chaos] MDISK . . x . . . . x x . N/A B,O,D,F Virus-90 [90] Clean-Up . . x . x . . . . . 857 P Oropax (3) [Oro] Clean-Up . . x . x . . . . . 2773 P,O 4096 (2) [4096] Clean-Up x . x x x x x . . . 4096 D,O,P,L Devil's Dance [Dance] Clean-Up . . x . x . . . . . 941 D,O,P,L Amstrad (5) [Amst] Clean-Up . . . . x . . . . . 847 P Payday [Payday] Clean-Up . . x . x x x . . . 1808 P Datacrime II-B [Crime-2] Clean-Up . x . x x x . . . . 1917 P,F Sylvia/Holland [Holland] Clean-Up . . . . x . . . . . 1332 P Do-Nothing [Nothing] Clean-Up . . x . x . . . . . 608 P Sunday (2) [Sunday] Clean-Up . . x . x x x . . . 1636 O,P Lisbon (2) [Lisb] Clean-Up . . . . x . . . . . 648 P Typo/Fumble [Typo] Clean-Up . . x . x . . . . . 867 O,P Dbase [Dbase] Clean-Up . . x . x . . . . . 1864 D,O,P Ghost Boot [Ghost] MDISK . . x . . . . x x . N/A B,O Ghost COM [Ghost] Clean-Up . . . . x . . . . . 2351 B,P New Jerusalem [Jeru] Clean-Up . . x . x x x . . . 1808 O,P Alabama (2) [Alabama] Clean-Up . . x . . x . . . . 1560 O,P,L Yank Doodle (3) [Doodle] Clean-Up . . x . x x . . . . 2885 O,P 2930 [2930] Clean-Up . . x . x x . . . . 2930 P Ashar [Brain] Clean-Up . . x . . . . x . . N/A B AIDS (3) [Aids] Clean-Up . . . . x . . . . . Overwrites Disk Killer (2) [Killer] Clean-Up . . x . . . . x x . N/A B,O,P,D,F 1536/Zero Bug [Zero] Clean-Up . . x . x . . . . . 1536 O,P MIX1 [Ice] Clean-Up . . x . . x . . . . 1618 O,P Dark Avenger (2) [Dav] Clean-Up . . x x x x x . . . 1800 O,P,L 3551/Syslock [Syslock] Clean-Up . x . . x x . . . . 3551 P,D VACSINA (2) [Vacs] Clean-Up . . x . x x x . . . 1206 O,P Ohio [Ohio] MDISK . . x . . . . x . . N/A B Typo Boot [Typo] MDISK . . x . . . . x x . N/A O,B Swap Boot [Swap] MDISK . . x . . . . x . . N/A B Datacrime II [Crime-2] Clean-Up . x . . x x . . . . 1514 P,F Icelandic II [Ice-2] Clean-Up . . x . . x . . . . 661 O,P Pentagon [Pentagon] MDISK . . . . . . . x . . N/A B Traceback (2) [3066] M-3066 . . x . x x . . . . 3066 P Datacrime-B [Crime-B] Clean-Up . x . . x . . . . . 1168 P,F Icelandic (2) [Ice] Clean-Up . . x . . x . . . . 642 O,P Saratoga [Ice] Clean-Up . . x . . x . . . . 632 O,P 405 [405] Clean-Up . . . . x . . . . . Overwrites 1704 Format [170x] Clean-Up . x x . x . . . . . 1704 O,P,F Fu Manchu (2) [Fu] Clean-Up . . x . x x x . . . 2086 O,P Datacrime (2) [Crime] Clean-Up . x . . x . . . . . 1280 P,F 1701/Cascade [170x] Clean-Up . x x . x . . . . . 1701 O,P CASCADE-B (9) [170x] Clean-Up . x x . x . . . . . 1704 O,P Stoned (2) [Stoned] Clean-Up . . x . . . . x . x N/A O,B,L 1704/CASCADE [170x] Clean-Up . x x . x . . . . . 1704 O,P Ping Pong-B (2) [Ping] Clean-Up . . x . . . . x x . N/A O,B Den Zuk (3) [Zuk] MDISK . . x . . . . x . . N/A O,B Ping Pong (3) [Ping] Clean-Up . . x . . . . x . . N/A O,B Vienna-B [Vienna] Clean-Up . . . . x . . . . . 648 P Lehigh [Lehigh] Clean-Up . . x x . . . . . . Overwrites P,F Vienna/648 (14) [Vienna] M-VIENNA . . . . x . . . . . 648 P Jerusalem-B [Jeru] Clean-Up . . x . x x x . . . 1808 O,P Alameda (2) [Alameda] Clean-Up . . x . . . . x . . N/A B Friday 13th COM [Fri13] Clean-Up . . . . x . . . . . 512 P Jerusalem (9) [Jeru] Clean-Up . . x . x x x . . . 1808 O,P SURIV03 [SurivB] Clean-Up . . x . x x x . . . O,P SURIV02 [SurivA] Clean-Up . . x . . x . . . . 1488 O,P SURIV01 [SurivA] Clean-Up . . x . x . . . . . 897 O,P Brain (3) [Brain] Clean-Up . . x . . . . x . . N/A B Total Known Viruses - 213 Legend: Damage Fields - B - Corrupts or overwrites Boot Sector O - Affects system run-time operation P - Corrupts program or overlay files D - Corrupts data files F - Formats or erases all/part of disk L - Directly or indirectly corrupts file linkage Size Increase - The length, in bytes, by which an infected program or overlay file will increase Characteristics - x - Yes . - No Disinfectors - SCAN/D - VIRUSCAN with /D option SCAN/D/A - VIRUSCAN with /D and /A options MDISK/P - MDISK with "P" option All Others - The name of disinfecting program Note: The SCAN /D option will overwrite and then delete the entire infected program. The program must then be replaced from the original program diskette. If you wish to try and recover an infected program, then use the named disinfector if available.