| Alias: | TUQ, 453 |
| Strain: | |
| detected when: | August 1, 1990 |
| where: | Suedwestdeutscher Bibliotheksverbund |
| Classification: | Program virus: direct action COM-infector |
| Length: | .COM files: 453 bytes appended |
Preconditions | |
| Operating System(s): | MS-DOS |
| Version/Release: | Version 2.0 upwards |
| Computer model(s): | All MS-DOS-Machines |
| Caroname: | TUQ |
Attributes | |
| Easy identification: | Diverse texts are visible (with proper tool) in the virus; the offsets given are relative to the address the JMP instruction (cf. infra) points to: offset | string / bytes found -------+---------------------------------- 007 | "VIRUS" 00D | "*.COM" 013 | "????????COM" 030 | file-id of the infected program 043 | original contents of 1st 3 bytes 052 | "TUQ(?)RPVS" |
Type of Infection: | Direct action; begin of program is overwritten with JMP to appended viral code. |
| Infection Technique: | |
| Infection Trigger: | Executing an infected file will trigger the infection attempt in the local directory. No files outside the local directory have been infected during tests. |
| Storage Media affected: | |
| Interrupts hooked: | --- |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | Transient damage: --- Permanent damage: --- |
| Damage Trigger: | --- |
| Particularities: | --- |
| Similarities: | |
Agents | |
| Countermeasures: | ANTI!453.EXE (Daniel Loeffler,VTC-Hamburg) looks for infected files on a given drive (d:) and optionally removes the virus (if /f given). |
| Standard means: | --- |
Acknowledgements | |
| Location: | Rechenzentrum der University Konstanz |
| Classification by: | Otto Stolz |
| Documentation by: | Otto Stolz |
| Date: | 15-July 1991 |
| Information Source: | |
(c) 1996 Virus-Test-Center, University of Hamburg