Ontario.1024 (computer virus)
Encyclopedia
Ontario.1024 is a computer virus
, discovered in October 1991, over a year after the isolation of the first Ontario virus, Ontario.512
. Relative to Ontario.512, most additions involve making the virus harder to detect.
file infector. Upon the execution of an infected .COM
or .EXE
file, Ontario.1024 goes memory resident and infects files of these types upon being opened. COMMAND.COM
is infected using a special routine. Infected files will increase in size by 1,024 bytes. However, when Ontario.1024 is in memory, no increase in file size will be observed due to the virus' stealthing. Unlike Ontario.512, it will not infect .OVL files.
The first three symptoms are good indications that a virus is present, but are not necessarily specific to Ontario.1024.
and Israel
at its peak in 1994-1995.
Like all DOS file infectors, the advent of Windows
significantly hindered the spread of Ontario.1024. Trend Microhttp://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=ONTARIO%2E1024&VSect=S&Period=1y reports 301 infections since 6 November 2000, with rates having fallen to about once every month or two by 2005.
Computer virus
A computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability...
, discovered in October 1991, over a year after the isolation of the first Ontario virus, Ontario.512
Ontario (computer virus)
Ontario.512 is a computer virus, discovered in July 1990. It is named after its point of isolation, the Canadian province of Ontario. Because Ontario.1024 was also discovered in Ontario, it is likely that both viruses originate from within the province...
. Relative to Ontario.512, most additions involve making the virus harder to detect.
Infection
Ontario.1024 is an encrypting, stealth DOSDOS
DOS, short for "Disk Operating System", is an acronym for several closely related operating systems that dominated the IBM PC compatible market between 1981 and 1995, or until about 2000 if one includes the partially DOS-based Microsoft Windows versions 95, 98, and Millennium Edition.Related...
file infector. Upon the execution of an infected .COM
COM file
In many computer operating systems, a COM file is a type of executable file; the name is derived from the file name extension .COM. Originally, the term stood for "Command file", a text file containing commands to be issued to the operating system , on many of the Digital Equipment Corporation mini...
or .EXE
EXE
EXE is the common filename extension denoting an executable file in the DOS, OpenVMS, Microsoft Windows, Symbian, and OS/2 operating systems....
file, Ontario.1024 goes memory resident and infects files of these types upon being opened. COMMAND.COM
COMMAND.COM
COMMAND.COM is the filename of the default operating system shell for DOS operating systems and the default command line interpreter on Windows 95, Windows 98 and Windows Me...
is infected using a special routine. Infected files will increase in size by 1,024 bytes. However, when Ontario.1024 is in memory, no increase in file size will be observed due to the virus' stealthing. Unlike Ontario.512, it will not infect .OVL files.
Symptoms
Ontario.1024 is the least readily identified version of the Ontario family. The following symptoms can be observed:- An increase in size of infected COM and EXE files of 1,024 bytes.
- A decrease in available system memory of 3,072 bytes.
- File size being changed after executables (infected ones) are executed, to display original file size.
- Occasional printer-related problems.
The first three symptoms are good indications that a virus is present, but are not necessarily specific to Ontario.1024.
Prevalence
The WildListhttp://www.wildlist.org/, an organisation tracking computer viruses, listed Ontario.1024 as being in the field from July 1993 to December 1998, when it was removed due to lack of a submitted sample. These reports indicated that Ontario.1024 had spread as widely as AustraliaAustralia
Australia , officially the Commonwealth of Australia, is a country in the Southern Hemisphere comprising the mainland of the Australian continent, the island of Tasmania, and numerous smaller islands in the Indian and Pacific Oceans. It is the world's sixth-largest country by total area...
and Israel
Israel
The State of Israel is a parliamentary republic located in the Middle East, along the eastern shore of the Mediterranean Sea...
at its peak in 1994-1995.
Like all DOS file infectors, the advent of Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
significantly hindered the spread of Ontario.1024. Trend Microhttp://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=ONTARIO%2E1024&VSect=S&Period=1y reports 301 infections since 6 November 2000, with rates having fallen to about once every month or two by 2005.