"SURIV 2.01" (5-June-1990) Entry...............: "SURIV 2.01" Alias(es)...........: "APRIL 1ST" Virus Strain........: Jerusalem-Virus Virus detected when.: --- where.: --- Classification......: Link - Virus (extending), RAM - resident Length of Virus.....: .EXE - Files: Program length increases by 1488 bytes --------------------- Preconditions ----------------------------------- Operating System(s).: MS-DOS Version/Release.....: 2.xx upward Computer model(s)...: IBM - PC, XT, AT and compatibles --------------------- Attributes -------------------------------------- Easy Identification.: Typical text in Virus body (readable with HexDump-utilities): "sURIV 2.01" Type of infection...: System: RAM-resident. .EXE file: extended by using EXEC-function; files will not be infected more than once. .COM File: no infection. Infection Trigger...: When function 4B00H of INT 21H (EXEC) is called. Interrupts hooked...: INT 1C, INT 21H, INT 24H Damage..............: Permanent Damage: -- Transient Damage: The virus examines the current date. On every 1st April, the virus will display the message "APRIL 1ST HA HA HA YOU HAVE A VIRUS", and the computer will hang in an endless loop. In 1980 and on every Wednesday after 1. April 1988, the computer will hang at latest 55 minutes after system infection in an endless loop. Particularities.....: One function (0DEH) used by Novell - Netware 4.0 can't be used. --------------------- Agents ------------------------------------------ Countermeasures.....: --- - ditto - successful: --- Standard means......: Notice .EXE file length. Typical text in virus body: "sURIV 2.01" --------------------- Acknowledgement --------------------------------- Location............: Virus Test Center, University Hamburg, FRG Classification by...: Thomas Lippke Documentation by....: Thomas Lippke Date................: 5-June-1990 .