Trivial.30.A Virus

Strain:Trivial Virus Strain
detected when:---
Classification:Overwriting COM infectors, direct action; not


Operating System(s):MS/PC-DOS 3.x upwards
Computer model(s):All IBM PC/AT compatibles


Easy identification:Infected files will not run as they are over- written by the resp. virus; only virus code will be executed, and system will then crash.

Type of Infection:

Infection Technique:
Infection Trigger:Any time an infected file is run, the viruses infects one or all .COM files in the current directory.
Storage Media affected:
Interrupts hooked:---
Encoding Method:
Damage:Permanent damage: infected file is overwritten.
Damage Trigger:Execution of an infected file.
Particularities:The file date/time will be set to the date of the infection. TRIVIAL.30.B overwrites 256 bytes of a file and uses two different opcodes for the same purpose. TRIVIAL.30.C Virus swaps some opcode, but 98% is the same code. TRIVIAL.30.C overwrites 30 bytes of a file
Similarities:In stepwise reduction of size, TRIVIAL viruses aim at achieving the shortest code suitable for infection. Though probably different authors worked on the viruses, this common goal is explicitly mentioned in some texts. While early version contain several texts, later versions contain essentially code suf- ficient to infect files by overwriting them; but texts may be deposited in infected files at remote locations. Every virus in TRIVIAL strain infects one or all *.COM or *.C* or *.* files in the current directory, by overwriting the first bytes of the files with itself. If the file to be infectes is smaller than the resp. virus, the file size will grow to the virus' size.


Standard means:Notice file length and file date/time. Use ReadOnly attribute. Infected files can only be disinfected by replacing them with the original files.


Location:Virus Test Center, University Hamburg, Germany
Classification by:Stefan Tode
Documentation by:Stefan Tode
Information Source:

(c) 1996 Virus-Test-Center, University of Hamburg