
                    VIRUS CHARACTERISTICS LIST  V50
                   Copyright 1989, McAfee Associates
                             (408) 988-3832
                           November 28, 1989


The following list outlines the critical characteristics of the known
IBM PC and compatible viruses.  This list may only be distributed as
part of the VIRUSCAN, SCANRES or SENTRY packages.

========================================================================

Infects Fixed Disk Partition Table-----------------+
Infects Fixed Disk Boot Sector-------------------+ |
Infects Floppy Diskette Boot ------------------+ | |
Infects Overlay Files------------------------+ | | |
Infects EXE Files--------------------------+ | | | |
Infects COM files------------------------+ | | | | |
Infects COMMAND.COM--------------------+ | | | | | |
Virus Remains Resident---------------+ | | | | | | |
Virus Uses Self-Encryption---------+ | | | | | | | |
                                   | | | | | | | | |
                                   | | | | | | | | |  Increase in
                                   | | | | | | | | |   Infected
                                   | | | | | | | | |   Program's
                                   | | | | | | | | |     Size
                                   | | | | | | | | |      |
                                   | | | | | | | | |      |
Virus             Disinfector      V V V V V V V V V      V       Damage
------------------------------------------------------------------------
Sylvia/Holland       SCAN/D        . x . x . . . . .    1332       P
Do-Nothing           SCAN/D        . . . x . . . . .     608       P
Sunday               SCAN/D        . x . x x x . . .    1636       O,P
Lisbon               SCAN/D        . . . x . . . . .     648       P
Typo/Fumble          SCAN/D        . x . x . . . . .     867       O,P
Dbase                SCAN/D        . x . x . . . . .    1864       D,O,P
Ghost Boot Version   MDISK         . x . . . . x x .     N/A       B,O
Ghost COM Version    SCAN/D        . . . x . . . . .    2351       B,P
New Jerusalem        M-JRUSLM      . x . x x x . . .    1808       O,P
Alabama              SCAN/D        . x . . x . . . .    1560       O,P,L
Yankee Doodle        SCAN/D        . x . x x . . . .    2885       O,P
2930                 SCAN/D        . x . x x . . . .    2930       P
Ashar                MDISK         . x . . . . x . .     N/A       B
AIDS                 SCAN/D        . . . x . . . . .    Overwrites Prm
Disk Killer          MDISK         . x . . . . x x .     N/A   B,O,P,D,F
1536/Zero Bug        SCAN/D        . x . x . . . . .    1536       O,P
MIX1                 SCAN/D        . x . . x . . . .    1618       O,P
Dark Avenger         M-DAV         . x x x x x . . .    1800       O,P,L
3551/Syslock         SCAN/D        x . . x x . . . .    3551       P,D
VACSINA              SCAN/D/A      . x . x x x . . .    1206       O,P
Ohio                 MDISK         . x . . . . x . .     N/A       B
Typo (Boot Virus)    MDISK         . x . . . . x x .     N/A       O,B
Swap/Israeli Boot    MDISK         . x . . . . x . .     N/A       B
1514/Datacrime II    SCAN/D        x . . x x . . . .    1514       P,F
Icelandic II         SCAN/D        . x . . x . . . .     661       O,P
Pentagon             MDISK         . . . . . . x . .     N/A       B
3066/Traceback       M-3066        . x . x x . . . .    3066       P
1168/Datacrime-B     SCAN/D        x . . x . . . . .    1168       P,F
Icelandic            SCAN/D        . x . . x . . . .     642       O,P
Saratoga             SCAN/D        . x . . x . . . .     632       O,P
405                  SCAN/D        . . . x . . . . .    Overwrites Pgm
1704 Format          M-1704        x x . x . . . . .    1704       O,P,F
Fu Manchu            SCAN/D        . x . x x x . . .    2086       O,P
1280/Datacrime       SCAN/D        x . . x . . . . .    1280       P,F
1701/Cascade         M-1704        x x . x . . . . .    1701       O,P
1704/CASCADE-B       M-1704        x x . x . . . . .    1704       O,P
Stoned/Marijuana     MDISK/P       . x . . . . x . x     N/A       O,B,L
1704/CASCADE         M-1704        x . x . . . . .    1704       O,P
Ping Pong-B          MDISK         . x . . . . x x .     N/A       O,B
Den Zuk              MDISK         . x . . . . x . .     N/A       O,B
Ping Pong            MDISK         . x . . . . x . .     N/A       O,B
Vienna-B             SCAN/D        . . . x . . . . .     648       P
Lehigh               SCAN/D        . x x . . . . . .  Overwrites   P,F
Vienna/648           M-VIENNA      . . . x . . . . .     648       P
Jerusalem-B          M-JRUSLM      . x . x x x . . .    1808       O,P
Yale/Alameda         MDISK         . x . . . . x . .     N/A       B
Friday 13th COM      SCAN/D        . . . x . . . . .     512       P
Jerusalem            SCAN/D/A      . x . x x x . . .    1808       O,P
SURIV03              SCAN/D        . x . x x x . . .               O,P
SURIV02              SCAN/D        . x . . x . . . .    1488       O,P
SURIV01              SCAN/D        . x . x . . . . .     897       O,P
Pakistani Brain      MDISK         . x . . . . x . .     N/A       B


Legend:

Damage Fields - B - Corrupts or overwrites Boot Sector
                O - Affects system run-time operation
                P - Corrupts program or overlay files
                D - Corrupts data files
                F - Formats or erases all/part of disk
                L - Directly or indirectly corrupts file
                    linkage

Size Increase - The length, in bytes, by which an infected
                program or overlay file will increase

Characteristics - x - Yes
                  . - No

Disinfectors -  SCAN/D     - VIRUSCAN with /D option
                SCAN/D/A   - VIRUSCAN with /D and /A options
                MDISK/P    - MDISK with "P" option
                All Others - The name of the disinfecting program
                Note:
                  The SCAN /D option will overwrite and then delete the
                  entire infected program.  The program must then be
                  replaced from the original program diskette.  If you
                  wish to try to recover an infected program, then use
                  the named disinfector if available.

                                - end -
