Butterflies Virus

Alias:	Goddam Butterflies Virus
Strain:	---
detected when:	1993
where:	Germany
Classification:	File Virus (direct action COM Infector)
Length:
Preconditions
Operating System(s):	MS-DOS
Version/Release:	Releases >= 3.2
Computer model(s):	IBM and compatibles
Caroname:	Buterfly.Butterfly
Attributes
Easy identification:	1) COM Files contain following text strings: "Goddamn Butterflies" and "*.COM" 2) 4th Byte of an infected COM file: 01h.
Type of Infection:	1) When executing an infected COM-file, virus will search for up to 4 uninfected COM-files to which it appends it's code. 2) When searching for victims, findfirst/findnext is used; therefore, normaly only COM-files in current directory are infected. If DOS append or similar programs are used, victims in other directories will be found also.
Infection Technique:
Infection Trigger:	1) Executing an infected program. 2) No infection, if COM filesize < 121 Bytes or COM filesize > 64768 Bytes.
Storage Media affected:	Any disk/diskette
Interrupts hooked:	---
Stealth:
Tunneling/Selfprot:
Oligo/Polymorphism:
Encoding Method:
Damage:	No permanent or transient, except modifying COM-Files.
Damage Trigger:	---
Particularities:	1) Does not infect COMMAND.COM or any other file, with "ND" at same position (6th and 7th character) in name. 2) In some parts of a South German forest, there was a recent invasion of butterfly-larvae with much public attention; this virus may reflect this event.
Similarities:	---
Agents
Countermeasures:	(no successful detection yet: July 1993)
Standard means:	Delete infected files and restore from a clean source.
Acknowledgements
Location:	Virus-Test-Center, University Hamburg, Germany
Classification by:	Torsten Dargers, Morton Swimmer
Documentation by:	Torsten Dargers
Date:	31-July-1993
Information Source:	Reverse analysis of virus code

Butterflies Virus

Preconditions

Attributes

Agents

Acknowledgements