AIDS II (computer virus)
AIDS II is a companion computer virus, which infects COM files. It was first discovered in April 1990, and is a variant of AIDS. Unlike other generic file infectors, AIDS II was the first known virus to employ what could be called a "corresponding file technique" of infection so that the original target EXE file is never changed. The virus takes advantage of the DOS feature where if a file exists in both COM and EXE form, the COM file is executed. When an "infected" file is executed, since a corresponding COM file exists, the COM file containing the viral code is executed. The virus first locates an uninfected EXE file in the current directory and creates a corresponding (or companion) COM file with the viral code. These COM files will always be 8,064 bytes in length with a file date/time of the date/time of infection. After creating the new COM file, the virus then plays a melody and displays the following message:
"Your computer is infected with ...
`xff`x03 Aids Virus II `xff`x03
- Signed WOP & PGT of DutchCrack -"


AIDS II then spawns the EXE file that the user was attempting to execute in the first place, and the program runs without problem. After completion of the program, control returns to the virus. The melody is played again with the following message displayed:
"Getting used to me?
Next time, use a Condom ....."


Since the original EXE file remains unaltered, CRC programs cannot detect that this virus has infected a system. One way to manually remove AIDS II is to check the disk for programs which have both a .EXE and .COM file, with the COM file having a length of 8,064 bytes. The COM files thus identified should be erased.
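
The manual check described above, written as an added example (not part of the original article): a read-only Python scan that lists .COM files of exactly 8,064 bytes sitting beside a same-named .EXE. The function names and the sample directory tree are constructed for illustration, and the scan reports candidates for review rather than erasing them.

```python
import os
import tempfile

COMPANION_SIZE = 8064  # companion COM length stated in this article


def find_companion_pairs(root, size=COMPANION_SIZE):
    """Return sorted (com_path, exe_path) pairs that share a directory and base
    name, where the COM file is exactly `size` bytes long."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        # DOS names are case-insensitive, so index EXE files by upper-cased stem.
        exes = {}
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.upper() == ".EXE":
                exes[stem.upper()] = os.path.join(dirpath, name)
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.upper() != ".COM" or stem.upper() not in exes:
                continue
            com_path = os.path.join(dirpath, name)
            if os.path.getsize(com_path) == size:
                hits.append((com_path, exes[stem.upper()]))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample data: zero-filled placeholder files, no real code."""
    layout = {
        "GAMES/CHESS.EXE": 20000,
        "GAMES/CHESS.COM": 8064,   # paired and 8,064 bytes: reported
        "UTIL/EDIT.EXE": 15000,
        "UTIL/edit.com": 8064,     # mixed case still pairs: reported
        "UTIL/FORMAT.COM": 8064,   # right size but no EXE partner: ignored
        "DOS/MORE.EXE": 9000,
        "DOS/MORE.COM": 2166,      # paired but a different size: ignored
    }
    for rel, length in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\x00" * length)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for com, exe in find_companion_pairs(tmp):
            print(f"suspect companion: {com} (shadows {exe})")
```

A legitimate COM file can also share a name with an EXE and happen to be 8,064 bytes long, so each reported file should be reviewed before it is erased.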

According to Symantec, AIDS II may play a melody and display the following string
"Your computer is infected with AIDS VIRUS II"


The displayed text strings do not appear in the viral code.

The AIDS II virus is not to be confused with the AIDS trojan or the AIDS computer virus.

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 