RPVS/TUQ Virus (15-July-1991)

Entry..............: RPVS Virus
Alias(es)..........: TUQ = "453" Virus
Strain.............: ---
Detected: when.....: August 1, 1990
          where....: Suedwestdeutscher Bibliotheksverbund
                     (located at University of Konstanz)
Classification.....: Program virus: direct action COM-infector
Length of virus....: .COM files: 453 bytes appended
------------------------ Preconditions -------------------------------
Operating System(s): MS-DOS
Version/Release....: Version 2.0 upwards
Computer models....: All MS-DOS-Machines
------------------------ Attributes ----------------------------------
Easy identification: File size increases by 453 bytes.
                     Diverse texts are visible (with proper tool) in
                     the virus; the offsets given are relative to the
                     address the JMP instruction (cf. infra) points to:

                     offset | string / bytes found
                     -------+----------------------------------
                     007    | "VIRUS"
                     00D    | "*.COM"
                     013    | "????????COM"
                     030    | file-id of the infected program
                     043    | original contents of 1st 3 bytes
                     052    | "TUQ(?)RPVS"

Self-identification: Last two bytes = 9090(hex).
                     When an infected file is executed, one uninfected
                     .COM-file in current directory is infected by
                     appending the viral code.
Type of infection..: Direct action; begin of program is overwritten
                     with JMP to appended viral code.
Infection trigger..: Executing an infected file will trigger the
                     infection attempt in the local directory. No
                     files outside the local directory have been
                     infected during tests.
Storage media affected: Current media (Current directory).
Interrupts hooked..: ---
Damage.............: Transient damage: ---
                     Permanent damage: ---
Damage trigger.....: ---
Particularities....: ---
------------------------ Agents --------------------------------------
Countermeasures....: Category 3: ANTI!453.EXE (d:) (/f)
Countermeasures successful: ANTI!453.EXE (Daniel Loeffler, VTC-Hamburg)
                     looks for infected files on a given drive (d:)
                     and optionally removes the virus (if /f given).
Standard means.....: ---
------------------------ Acknowledgement -----------------------------
Location...........: Rechenzentrum der University Konstanz
Classification by..: Otto Stolz
                     Daniel Loeffler (VTC-Hamburg)
Documentation by ..: Otto Stolz
                     Daniel Loeffler (VTC-Hamburg)
Date...............: 15-July 1991
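
The identification attributes above (JMP at program start, strings at fixed offsets from the JMP target, last two bytes 9090 hex) can be turned into a file check. The following is an added example, not part of the catalog entry and not the logic of ANTI!453.EXE; it assumes the JMP is the 3-byte near form (opcode E9), and the function names and the inert test image are constructed for illustration.

```python
import struct

# Offsets (hex, relative to the JMP target) and strings from the entry above.
MARKERS = [(0x007, b"VIRUS"), (0x00D, b"*.COM"), (0x013, b"????????COM")]
SELF_ID = b"\x90\x90"   # last two bytes of an infected file
VIRUS_LEN = 453         # bytes appended to a .COM file

def jmp_target(image):
    """File offset reached by a leading near JMP, or None if there is none."""
    # Assumption: the JMP is the 3-byte form, opcode E9 + 16-bit displacement.
    if len(image) < 3 or image[0] != 0xE9:
        return None
    (disp,) = struct.unpack_from("<H", image, 1)
    return (3 + disp) & 0xFFFF

def check_rpvs(image):
    """Compare a .COM image against the entry's identification attributes."""
    target = jmp_target(image)
    hits = []
    if target is not None:
        hits = [s for off, s in MARKERS
                if image[target + off:target + off + len(s)] == s]
    self_id = len(image) > VIRUS_LEN and image[-2:] == SELF_ID
    if self_id and len(hits) == len(MARKERS):
        verdict = "match"
    elif self_id or hits:
        verdict = "partial"   # e.g. a file that merely ends in two NOPs
    else:
        verdict = "clean"
    return {"verdict": verdict, "self_id": self_id, "strings": hits}

def constructed_sample():
    """Inert test image: zero-filled 453-byte tail carrying only the markers."""
    host = bytearray(b"\xB4\x4C\xCD\x21" + bytes(96))   # 100-byte dummy host
    tail = bytearray(VIRUS_LEN)
    for off, s in MARKERS:
        tail[off:off + len(s)] = s
    tail[0x043:0x046] = host[:3]          # saved first 3 bytes, per the entry
    tail[-2:] = SELF_ID
    host[:3] = b"\xE9" + struct.pack("<H", len(host) - 3)
    return bytes(host + tail)

if __name__ == "__main__":
    print(check_rpvs(constructed_sample()))
```

A "partial" verdict is worth reporting separately: the 9090 trailer alone also occurs in uninfected files, so only the combination with the strings at the listed offsets is treated as a match.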