Category : System Diagnostics for your computer
Archive   : 20A07.ZIP
Filename : 20A07.TXT

Output of file : 20A07.TXT contained in archive : 20A07.ZIP
20A07.TXT - Description file for 20A07.DEF
AntiVirus Lab, SYMANTEC/Peter Norton Product Group
August 01, 1992

Instructions for Loading Definitions

1) Run Virus Clinic by typing NAV at the DOS prompt.

2) Press to accept the Welcome screen.

3) Press to bypass the "Scan Drives" Screen.

4) Press to pull down the "Definitions" menu.

5) Press to select "Load from File..."

6) If the name of the drive and directory to which you loaded
the definition file does not appear on the "Directory:" line,
type the proper drive and directory name and press .
The name of the definition file should appear in the "Files"

7) Enter the name of the definition file and press .

8) Press to exit from the "Load Definition File Results"

9) Press to bring up the "Exit Norton AntiVirus" box.

10) Press to exit the program.

11) Reboot your computer to activate the new definitions.



BigV is a memory resident virus targeting Boot Sectors. Big V becomes memory
resident on boot. It infects hard disk if not already infected, then, it
infects floppies when they are formatted, possibly at other times. The virus
occupies about 2K while in memory, and 2 sectors on the hard disk and floppy.
It may damage the FAT or files near the front of the disk on infection by
overwriting with the 2 sectors of the viral code. Big V hooks INT 13
indirectly through IO.SYS. Intermittently, it displays large V on the screen
and hangs the system. Repair is available for hard disks. Floppies can not be

Welcome is a memory resident virus targeting both COM and EXE files.
Welcome hooks INT 21 when it becomes memory resident, and infects
files as they are executed. Infected files increase in size by 1350-1400 bytes
depending of the variant. Welcome is of the APPENDING type; thus, the viral
code is located at the end of the file. Infected EXE files are repairable;
however infected COM files are not.

Unwelcome (aka Scream2)
Unwelcome is an encrypting, memory resident virus targeting both EXE and
COM files including COMMAND.COM. While memory resident, the virus infects
files as they are executed. COM files increase in size by 700 (692) bytes,
and EXE files increase in size by 1000 (932) bytes.

Fish Boot
Fish Boot is a memory resident virus targeting the Partition Table Sector
and the Boot Sector. It seem to only infects hard disks and floppies.
However,there may be a dropper for the virus. Fish Boot occupies three
sectors on the disk toward the end of the disk. Two of the sectors contain
viral code and data, and the third sector is the original Boot Sector. When
the virus is memory resident, it would have hooked INT 13 and INT 10. It
displays the following message on the upper right side of the screen:
"Hello! I am FISH, please don't kill me
Congratulate 80th year of the Republic of
China Building, Fish will help to kill stone
Written by Fish in NTIT. TAIWAN 80.10.18"
Also, the system seems to slow down especially screen writes. It is not
confirmed whether this virus does anything destructive. Boot Fish can be
repaired by NAV.

PSQR-1364 is a variant of the Jerusalem Family. It is a memory resident virus
targeting EXE files. The virus has an internal counter.
At some point, when the counter gets to zero, possibly on Friday the 13th,
the virus will activate. On activation, it trashes the current logical drive.
On drives with multiple partitions, chances are only the current partition is
destroyed. If the current drive is a floppy, it may be trashed. PSQR-1364 seems
to infect files when they are executed, or when they are opened. So, if a file
is copied while the virus is in memory, chances are it will get infected.
Unfortunately, repair is not possible on files infected by this virus since
the virus overwrites a portion of the original file.

(Note: File size growth is given in approximate numbers. If a number is
enclosed in parentheses, that number would be the growth of one of the more
common variants. As it is too easy for a virus writer to alter this number
without changing the virus significantly, do not depend on the more precise
number. It is provided for your confidence should you encounter it, which
we hope never happens.)

  3 Responses to “Category : System Diagnostics for your computer
Archive   : 20A07.ZIP
Filename : 20A07.TXT

  1. Very nice! Thank you for this wonderful archive. I wonder why I found it only now. Long live the BBS file archives!

  2. This is so awesome! 😀 I’d be cool if you could download an entire archive of this at once, though.

  3. But one thing that puzzles me is the “mtswslnkmcjklsdlsbdmMICROSOFT” string. There is an article about it here. It is definitely worth a read: