[Reasonably] Harmless Viruses
The viruses listed below do very little beyond replicating, and are thus reasonably undamaging.
5loDiscovered in October 1992, this virus does little more than replicate. It only infects .exe files on the DOS operating system. It has a size of 1032 bytes. At the direct end of the infected file, the message
92.05.24.5lo.2.23MZ can be found, which is where this virus gets its name from.
The main way to tell that a file has been infected is that the size increases by 1000 - 1100 bytes. The timestamp of the file will also change to the time of infection. As the virus ties itself to the operating system, it can't be found through
MEM/C. Total free space is also reduced by about 2KB.
AdolphAdolph is a very basic virus that was discovered in the year 2000. All it does is change the timestamp of any file it infects to the date and time of infection, appending itself to the end of the file and adding . It affects all systems using Windows NT and contains the string
Adolf Hitler.
AgenaAgena, often written as AGENA, is a memory-resident virus which infects .com and .exe files on DOS, including command.com. Upon infection, Agena becomes memory resident at a point at the start of the memory, but below the 640K DOS boundary. From there, Agena infects .com and .exe files as they are ran.
Agena appends itself to the end of the file, increasing its length by 723 to 738 bytes but not changing the timestamp of the file. Free memory will decrease by about 1296 bytes.
AntiCMOSAntiCMOS, also known as Lenart, is a virus that would be dangerous if it was not for a massive bug in the code. It is a rather standard DOS boot sector virus, and was designed to erase the CMOS, having a payload date of December 1993, though, due to the bug in the code, the payload never happened in any variant. It was isolated in Hong Kong in 1994, but still exists in the wild as of 2005, having become common in North America in 1995. Though it may still exist, the threat is obsolete.
ApplvirApplvir is an old virus for the Apple II system created in 1981, around the same time the Elk Cloner virus was also created for the same system. Due to its age, not much is known about what it actually does, as the terms used back then are not the same as the terms used today. Made by Joe Delinger, the virus is designed to be effectively invisible - which only the third variant succeeds in being.
The second variant spread to the University of Illinois, where it caused the game "Congo" to stop working, but no other effects were recorded. The virus was still around as of 1984, but most modern anti-virus systems do not even notice it, and it poses no threat if it comes onto a system anyway, as Apple II are archaic systems and the probability of anyone having one nowadays is extremely low.
ARCV-nARCV-n is the collective name for a large range of incredibly similar viruses created by the ARCV group. Bordering on Annoying, the only thing these viruses do is infect .com and/or .exe files, depending on the variant, and display text messages on the screen when the infected program is run on a certain date.
Most of the variants have subvariants. The two main ones are:
*
ICE-9 - Sorry 9H9P9D fans, this variant is completely unrelated to the mysterious Ice-9 from the game you love. These variants are all written by the ARCV member ICE-9
- [X-1] displays the message
ICE-9 Presents. In Association with The ARcV [X-1]. Michelangelo activates -< TOMORROW >- on March 3rd, possibly giving a warning to the payload of the Michaelangelo virus, though its payload is actually on March 6th.
- [ACRV93] displays the message
Happy New Year from the ARCV. Released 1 June 1992. Made in England by ICE-9 in January.
- [ACRVXMAS] displays the message
Happy Xmas from The ARCV. from December 20th to December 25th.
- [SOLOMoN] displays the message
Hello Dr Sol. & Fido. Lurve U lots ICE-9 (c) 1992 ARCV. P.S. Apache sez Hi(Dos) whenever the infected file is run
*
Apache Warrior - Written by the ARCV member of the same name, the Apache Warrior variants often have interesting messages to display
- [ARCV-3] displays the message
Yo.. I've Just Found a Virus.. Oops.. Sorry I'm the Virus. Well let me introduce myself.. I am ARCV-3 Virus, by Apache Warrior. Long Live The ARCV and Whats an Hard ECU? Vote Yes to the Best Vote ARCV.. in February.
- [ACRV-4] displays the message
So Who's the Best Then? Oh Well Sorry But The ARCV Are The Best! Well Your in Favor with Us then. on May 9
- [ARCV-2] displays the message
Help.. Help.. I'm Sinking........ in April
- [ARCV-1] displays the message
Long Live The ARCV. MUFC for the League! (c) Apache Warrior, ARCV Pres. 92 Welcome to the REAL World. And the ARCV 1 Virus! on June 15th
- [ACRV-10] displays the message
Well its finally here The -= ARCV =- Welcome To our New Members.......... whenever the infected file is run
- [JO] displays the message
Looking Good Slimline Joanna. Made in England by Apache Warrior, ARCV Pres. Jo Ver. 1.11 (c) Apache Warrior 92. I Love You Joanna, Apache... Another, similar virus with the same prefix code displays the message
This is Dedicated To the Girl I Love, Joanna Dicks. Made in England by Apache Warrior, ARCV Pres. Jo Ver. 1.01 (c) Apache Warrior 92. I Love You Joanna, Apache.. whenever the infected file is run. This is obviously an earlier version of this variant
- [Sandwich] is possibly the most interesting of all the variants, displaying the message
Which ARCV Member Likes a Sandwich? Cheese, Beef Spread, Cucumber and Crisp Corned Beef and Salad Cream Jaffa Cake and Hamster on Rye Is it A. Apache Warrior B. ICE-9 C. Slartibartfast Select a Letter: Well you know you're ARCV Members. Bad Luck.. Better Luck Next Time. whenever the infected file is run. This message references a third ARCV member, possibly the one responsible for all the seemingly unrelated variants.
- [Scythe] displays the message
This is the Scythe for Reaper Man. Beware I'm Sharp! Made in England by Apache Warrior, ARCV Pres. Scythe Ver. 1.01 (c) Apache Warrior 92. Reaper Man Swung The SCYTHE and the PC Died! on December 12th. The message references [Reaperman], another Apache Warrior variant.
CohvirCohvir is the first virus to ever be referred to as a virus. Written by Fred Cohen and discovered in 1983, all this virus does is prepend itself to Unix executable files. It was created merely as a test to show how self-replicating code worked.
DenzukoDenzuko is famous for being the first nematode - a virus that destroys another virus. It was created to destroy the Brain virus, and will remove itself if the computer is booted from the harddrive. Its potential to be destructive is small, as it writes itself to 9 sectors on track 40 of floppy disks, which are not used by typical 360KB floppy disks. It does not write itself to the harddrive at all. However, if the user attempts to use CTRL-ALT-DELETE,
DEN ZUKO will appear on the screen in stylised text and the virus will remain in memory as the computer reboots. This virus was discovered in 1988 and was created by Denny Zuko of Indonesia.
Elk ClonerElk Cloner is a virus that infects Apple II systems. Written nigh simultaneously with Applvir, the two viruses hold about the same threat level, though Elk Cloner can actually be detected by Avira. This boot sector virus was written by the then 15-year-old Rich Skrenta as a practical joke on his friends. On every fiftieth boot, the screen would display the short poem
Elk Cloner: The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes, it's Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!JoshiJoshi is a DOS boot sector virus that borders annoying, but is reasonably harmless. It originated from India and was discovered in 1990. It writes itself in a rather complicated manner - as it says on the Malware Wiki "When the system is booted with a disk infected with Joshi, the virus will become resident in memory and takes up about 6,000 bytes. The virus infects the partition tables of hard disks. It also infects any floppy disks that are accessed while the virus is resident. On hard disks, the rest of the virus woud be stored at track 0, sectors 2 to 6. The original partition table will be stored at track 0, sector 9. On floppies, it will be at 41, sectors 1 to 5 on 360 kilobyte disks and track 81, sectors 1 to 5 on 1.2 megabyte disks."
It causes any attempt to format the disk to fail with a
bad track 0 error. In addition, it protects its sectors from being overwritten by the Stoned virus. Any attempts to read the boot sector will be redirected to the copy of the boot sector.
On January 5, the screen will turn green and the message
Type "Happy birthday Joshi" will appear on the screen. The computer won't respond until you type in
Happy birthday Joshi.
nVIRnVIR is a virus that infects Macintosh systems running OS 4.1 to OS 8, making it rather obsolete. There are many variants, each giving different symptoms, such as application crashes, errors with laser printers, and, if the user has Macintalk installed, the system will occasionally say
Don't panic and also beep on occasion.
OneHalfOneHalf is an unusual polymorphic virus for DOS, which has the rather interesting payload of encrypting the files it infects and decrypting them when they are accessed. It infects the master boot record, .com and .exe files, with the exception of any file with
SCAN,
CLEAN,
FINDVIRU,
GUARD,
NOD,
VSAFE,
MSAV or
CHKDSK in the name. The virus will display the following message on 4th, 8th, 10th, 14th, 18th, 20th, 24th, 28th and 30th of any month and under some other conditions:
Dis is one half.
Press any key to continue ...RushhourThis virus only infects KEYBGR.com, a German keyboard driver on DOS systems. An infected system will occassionally let out noises similar to white noise, and the code contains the message string:
This program is a VIRUS program.
Once activated it has control over alls
ystem devices and even over all storage
media inserted by the user. It continually
copies itself into uninfected operating
systems and thus spreads uncontrolled.
The fact that the virus does not destroy any
user programs or erase the disk is merely due
to a philanthropic trait of the author......A variant of this virus has this similar message in Dutch:
Dit is een demonstratie van een zogenaamd computervirus.Het
heeft volledige controle over alle systeem-componentenen alle
harde schijven en in de drive(s) ingevoerdediskettes. Het
programma kopieert zichzelf naar andere,nog niet besmette
besturingssystemen en verspreidt zich opdie manier
ongecontroleerd. In dit geval zijn er geenprogramma`s beschadigd
of schijven gewist, omdat ditslechts een demonstratie is. Een
kwaadaardig virushad echter wel degelijk schade aan kunnen richten.Which I believe - but don't quote me on this - means
This is a demonstration of a so-called computer virus. It has complete control over all system components all hard disks and in the drive(s) introduced diskettes. It copies itself to another uncontaminated program, and spreads in an uncontrolled manner. No program has been damaged and no disks were erased, because this is solely a demonstration. It would have been possible to create one that does damage, but that would be contrary to our goals.SCAThis is the first virus to have been created for the Commodore Amiga system, and one of the first to become infamous among the public of the time. It was written by Swiss Cracking Association member CHRIS, and displays the following text on every fifteenth reboot:
Something wonderful has happened Your AMIGA is alive !!! and, even better...
Some of your disks are infected by a VIRUS !!! Another masterpiece of The Mega-Mighty SCA !!Though it does no damage to harddrives, if a floppy disk that uses a custom bootblock (such as a game floppy) becomes infected, it will be rendered unusable. It can also cause damage by erasing newer filesystems on floppys if the user does not know the correct install command to uninstall SCA (
install df0: FFS FORCE)
ScoresScores is a Macintosh virus first discovered in 1988. It was written by a programmer who was annoyed at being fired from the company he worked at, and it only attacks two unreleased programs made by said company. Scores infects Scrapbook, Notepad and System files on System 6 and System 7. The simplest way to identify that your system is infected is by checking to see what icon Notepad and Scrapbook icons have. If they have blank document icons instead of either little Macintosh icons or their own standard icons, then they are infected. Though Scores was not created to cause damage, a system running 6.0.4 or above will have its system files damaged, as they use the same resources as Scores.
Scott's ValleyScott's Valley is a 1990s DOS virus that is a member of the Slow family of viruses. It is a very standard DOS virus, and infects .com and .exe files. All infected files increase in size by about 2131 bytes, and Interrupt 21 will be hooked. As with all Slow viruses, Scott's Valley slows down the system. It does nothing else to damage the system.
SignumSignum, also known as BPL, is one of the few viruses for the Atari computer systems, in particular the Atari ST. This virus infects the boot sector on any floppies inserted into the A: or B: drives. Not much else is known, but it was not known to cause damage. It is estimated that, at one point, the virus' population exceeded 1 million.
TrackswapTrackswap is a boot sector virus that originates from the same place as Dark Avenger and his viruses, but it is unknown whether or not he created this virus. All this virus does is infect inserted disks, and is relatively harmless. It has a similar name to the Swap virus from Israel, but they appear to be unrelated.
W32.Induc.AThis virus is not only a show of how boring and unimaginitive virus names are nowadays, it is also one of the more modern viruses on my list. It only infects files used by the program Delphi, and remains dormant in the system until said program is installed. It was discovered in 2009 and can infect all released Windows computers.
ZMistZMist, also known as Zombie.Mistfall, is a metamorphic virus created by a Russian virus writer going under the name Zombie. All it was designed to do was show off how metamorphic viruses work, by inserting itself into a .exe by moving some of the .exe's code and essentially rebuilding the file around itself.
