10_Past_3.748 Virus (20-FEB-1993)

Entry...............: 10_Past_3.748 Virus
Alias(es)...........: Tea Time Virus
Virus Strain........: 10_Past_3 Virus Strain
Virus detected when.:
              where.: South Africa (common in Jan.1993)
Classification......: Resident COM infector (appending), armouring
Length of Virus.....: 1.Length (Byte) on media: 748 Bytes
                      2.Length (Byte) in memory: 748 Bytes
--------------------- Preconditions ------------------------------------
Operating System(s).: MS-DOS
Version/Release.....:
Computer model(s)...: IBM PCs and compatibles
--------------------- Attributes ---------------------------------------
Easy Identification.:
Type of infection...: Self-Identification in memory:
                         mem[1ACh..1AFh] = 46h 42h 06h 22h
                      Self-Identification on media:
                         file's end: 06h 22h
Infection Trigger...: Execution of an infected COM program with
                         4<=LengthCOM<=64496.
Storage media affected:
Interrupts hooked...: INT 21h function 4Bh
Damage..............: Permanent Damage: ---
                      Transient Damage#1: Reboot during INT 21h.
                      Transient Damage#2: Tamper with interrupt vectors
                         so as to hang PC.
                      Transient Damage#3: Install new keyboard handler
                         which affects Shft&Ctrl states.
Damage Trigger......: Permanent Damage: ---
                      Transient Damage#1: Reboot on any 22nd day in 1991
                         and any year after.
                      Transient Damage#2: In 1991 and any year after:
                         If day=29 then trash INT 13h;
                         If day= 1 then trash INT 9h;
                         If day=10 then trash INT Dh;
                         If day=16 then trash INT 10h.
                      Transient Damage#3: Between 15h10min and 15h13min,
                         AND if INT 21h occurs THEN install keyboard
                         handler which sets Shft & Ctrl states randomly
                         on about 1 in 11 keystrokes.
Particularities.....: Reported in South Africa; purportedly written by
                         a person with the pseudonym Marvin Giskard.
Similarities........: Other variant: 10_Past_3.789
--------------------- Agents -------------------------------------------
Countermeasures.....:
Countermeasures successful:
Standard means......:
--------------------- Acknowledgement ----------------------------------
Location............: CSIR Computer Virus Research Lab, Pretoria, RSA
Classification by...: Paul Ducklin
Documentation by....: Paul Ducklin (CARObase)
                      Klaus Brunnstein (converted to CVC format)
Date................: 1993-February-15
Information Source..: Reverse-Engineering of virus