| Alias: | |
| Strain: | - |
| detected when: | |
| where: | |
| Classification: | COM-infector |
| Length: | 0 |
Preconditions | |
| Operating System(s): | MS-DOS |
| Version/Release: | |
| Computer model(s): | PCs |
| Caroname: | Velvet.1400 |
Attributes | |
| Easy identification: | |
| Type of Infection: | The virus overwrites the beginning of the file, appending the overwritten part after the end of the file. |
| Infection Technique: | |
| Infection Trigger: | (LengthCOM>=2300) and (LengthCOM=<61000) MESSAGES_DISPLAYED: None MESSAGES_NOT_DISPLAYED: "vzpomen.si", "17. listopadu 1989 byl patek !!!" |
| Storage Media affected: | |
| Interrupts hooked: | None SELF_RECOGNITION_IN_MEMORY: None SELF_RECOGNITION_ON_DISK: if (File[1]+File[8]==0FFFEh) |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | Transient: Creating file 'vzpomen.si' in root directory. Permanent: None TRANSIENT_DAMAGE_TRIGGER: All .COM files in path and current directory are infected. PERMANENT_DAMAGE_TRIGGER: None |
| Damage Trigger: | |
| Particularities: | System date is set to 17.11.1989 when an infected file is executed; all infected files have this date. Possible significant slowdown of executing infected files. The original beginning of the program is stored in encrypted form. Up to 255 random bytes are added at the end of the file. |
| Similarities: | |
Agents | |
| Countermeasures: | |
| Standard means: | |
Acknowledgements | |
| Location: | Virus Test Center, University Hamburg, FRG |
| Classification by: | Petr Zahradnicek |
| Documentation by: | Petr Zahradnicek |
| Date: | 1993-08-18 |
| Information Source: | Carobase-entry (automatic converter by S.Freitag) |
(c) 1996 Virus-Test-Center, University of Hamburg