| Alias: | Trivial.Hastings |
| Strain: | Trivial Virus Strain |
| detected when: | --- |
| where: | --- |
| Classification: | Overwriting COM infectors, direct action; not |
| Length: | 200 bytes (overwriting) |
Preconditions | |
| Operating System(s): | MS/PC-DOS 3.x upwards |
| Version/Release: | |
| Computer model(s): | All IBM PC/AT compatibles |
| Caroname: | Trivial.Hastings |
Attributes | |
| Easy identification: | Infected files will not run as they are over- written by the resp. virus; only virus code will be executed, and system will then crash. Texts found in virus at offset 40dez '*.COM by' (encrypted name deleted) 'AKA Nick Haflinger...' 'Zopy me I want' to travel' 'I can now program in assembler' 'This program was written in the town' 'of Hastings hehehehe!' |
Type of Infection: | |
| Infection Technique: | |
| Infection Trigger: | Any time an infected file is run, the viruses infects one or all .COM files in the current directory. |
| Storage Media affected: | |
| Interrupts hooked: | --- |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | Permanent damage: Overwriting infected files. Transient damage: After infection, virus displays the message: 'System Hanger! Enjoy! ' 'Note: Your system is now hanged.' 'Press Reset to continue.' Then systems may hang (HLT instruction) |
| Damage Trigger: | Execution of an infected file. |
| Particularities: | The file date/time will be set to the date of the infection. |
| Similarities: | In stepwise reduction of size, TRIVIAL viruses aim at achieving the shortest code suitable for infection. Though probably different authors worked on the viruses, this common goal is explicitly mentioned in some texts. While early version contain several texts, later versions contain essentially code suf- ficient to infect files by overwriting them; but texts may be deposited in infected files at remote locations. Every virus in TRIVIAL strain infects one or all *.COM or *.C* or *.* files in the current directory, by overwriting the first bytes of the files with itself. If the file to be infectes is smaller than the resp. virus, the file size will grow to the virus' size. |
Agents | |
| Countermeasures: | |
| Standard means: | Notice file length and file date/time. Use ReadOnly attribute. Infected files can only be disinfected by replacing them with the original files. |
Acknowledgements | |
| Location: | Virus Test Center, University Hamburg, Germany |
| Classification by: | Stefan Tode |
| Documentation by: | Stefan Tode |
| Date: | 31-January-1993 |
| Information Source: | |
(c) 1996 Virus-Test-Center, University of Hamburg