Virus-Spotlight: The Scitzo virus --------------------------------- Virus Name: Scitzo Aliases: Red-A V Status: Ok Discovery: Rebound's harddrive Symptoms: COM and EXE files growth, decrease of available memory Origin: Lund, Sweden Eff Length: 1277 bytes, I think Type Code: RPCE - Resident polymorphic COM/EXE infector Detection Method: Most anti-virus programs can probably detect it by now Removal Instructions: Format the harddrive! (quote: Mikael Larsson/VHC) General Comments: The scitzo virus was written in Lund, Sweden 1994, by someone calling himself Red A. A person with a great sense of humour and programming capabilities. The first release of this virus was send out to atleast one major bulletin-board-system located somewhere in Sweden. From this place it was downloaded by a great number of loosers, that got their files corrupted due to a slight bug in the infection-routine. This bug was however fixed in the latter version. Scitzo will install itself resident in the top of memory but below the 640 kb boundary, allocating enough space for itself. It's not shown whenever a mem /c is performed, still mem and chkdsk will report the loss of memory. Whenever a file is executed, or opened (for any reason) the virus will infect that file. The next time this program is executed, it will check if it's already is resident, if so, it'll not go-up again, otherwise, it'll load itself into the memory waiting to infect new targets. Either way, it'll then let the original program execute normally. Making this virus non-overwriting (duh). Before the virus is about to close the (now) infected file, there is a one percent that the virus will add 'I feel a little scitzo...' to the end of the file. Otherwise, the Scitzo virus doesn't do anything besides replicating.