| Alias: | |
| Strain: | - |
| detected when: | |
| where: | |
| Classification: | COM-infector |
| Length: | 0 |
Preconditions | |
| Operating System(s): | MS-DOS |
| Version/Release: | |
| Computer model(s): | PC's |
| Caroname: | Velvet |
Attributes | |
| Easy identification: | |
Type of Infection: | The virus overwrites the beginning of the file, appending the overwritten part after the end of the file. Selfrec in memory: None Selfrec on disk: if (File[1]+File[8]==0FFFEh) |
| Infection Technique: | |
| Infection Trigger: | (LengthCOM>=2300) and (LengthCOM=<61000) |
| Storage Media affected: | |
| Interrupts hooked: | None |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | Transient: Creating file 'vzpomen.si' in root di-rectory. Permanent: None |
| Damage Trigger: | Transient: All .COM files in path and currentdirectory are infected. Permanent: None |
| Particularities: | System date is set to 17.11.1989 wheninfected file is executed, all infectedfiles have this date. Possible significantslowdown of executing infected files. Displayed text: None Not displayed text: "vzpomen.si""17. listopadu 1989 byl patek !!!" The original begin of the program is stored inencrypted form. At the end of file is addes up to255 random bytes. |
| Similarities: | |
Agents | |
| Countermeasures: | |
| Standard means: | |
Acknowledgements | |
| Location: | Virus Test Center, University Hamburg, FRG |
| Classification by: | Petr Zahradnicek |
| Documentation by: | Petr Zahradnicek |
| Date: | 1993-08-18 |
| Information Source: | Caroentry (autom.converter by S.Freitag) |
(c) 1996 Virus-Test-Center, University of Hamburg