Jump to content

AIDS (computer virus)

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Bender the Bot (talk | contribs) at 02:07, 20 November 2016 (External links: clean up; http→https for Google Books and other Google services using AWB). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Template:Distinguish2

AIDS
Technical nameAIDS
AliasAIDSB, AIDS-II, AIDS II, AIDS92, Hahaha, Taunt
TypeDOS
SubtypeCOM to EXE infector. Corrupter.
ClassificationVirus
FamilyN/A
OriginUnknown
AuthorsDr. Theresa "Bug, Y2K" Goode
Virus image

AIDS is a computer virus written in Turbo Pascal 3.01a[citation needed] which overwrites COM files. AIDS is the first virus known to exploit the MS-DOS "corresponding file" vulnerability. In MS-DOS, if both foo.com and foo.exe exist, then foo.com will always be executed first. Thus, by creating infected com files, AIDS code will always be executed before the intended exe code.

When the AIDS virus activates, it displays the following screen.

ATTENTION I have been elected to inform you that throughout your process of collecting and executing files, you have accdientally (sic) ¶HÜ¢KΣ► [PHUCKED] yourself over: again, that's PHUCKED yourself over. No, it cannot be; YES, it CAN be, a √ìτûs [virus] has infected your system. Now what do you have to say about that? HAHAHAHAHA. Have ¶HÜÑ [PHUN] with this one and remember, there is NO cure for AIDS

In the message above, the word "AIDS" covers about half of the screen. The system is then halted, and must be powered down and rebooted to restart it.

The AIDS virus overwrites the first 13,952 bytes of an infected com file. Overwritten files must be deleted and replaced with clean copies in order to remove the virus. It is not possible to recover the overwritten portion of the program.

The AIDS II virus appears a more elegant revision of AIDS [citation needed]. AIDS II also employs the corresponding file technique to execute infected code.

AIDS II

AIDS 2
Technical nameAIDS II.8064
AliasAIDS-II, Aids.8064, AIDS_8064, AIDS_II.8064
TypeDOS
SubtypeEXE to COM companion. General nuisance.
ClassificationComputer Virus
FamilyAIDS II
OriginUnknown
AuthorsWOP & PGT of DutchCrack

AIDS II is a companion computer virus, which infects COM files. It was first discovered in April 1990, and is a variant of AIDS. Unlike other generic file infectors, AIDS II was the second known virus to employ what could be called a "corresponding file technique" of infection so that the original target EXE file is never changed.(The original AIDS was the first.) The virus takes advantage of the DOS feature where if a file exists in both COM and EXE form, the COM file is executed. When an "infected" file is executed, since a corresponding COM file exists, the COM file containing the viral code is executed. The virus first locates an uninfected EXE file in the current directory and creates a corresponding (or companion) COM file with the viral code. These COM files will always be 8,064 bytes in length with a file date/time of the date/time of infection. After creating the new COM file, the virus then plays a loud chiptune note, and displays the following message:

"Your computer is infected with ...
       ❤Aids Virus II❤
- Signed WOP & PGT of DutchCrack -"

AIDS II then spawns to the EXE file that was attempting to be executed in the first place, and the program runs without problem. After completion of the program, control returns to the virus. The loud note is played again with the following message displayed

"Getting used to me?
Next time, use a Condom ....."

Since the original EXE file remains unaltered, CRC programs cannot detect this virus having infected a system. One way to manually remove AIDS II is to check the disk for programs which have both a .EXE and .COM file, with the COM file having a length of 8,064 bytes. The COM files thus identified should be erased.

According to Symantec, AIDS II may play a melody and display the following string

"Your computer is infected with AIDS VIRUS II"

The displayed text strings do not appear in the viral code.

The AIDS II virus is not to be confused with the AIDS trojan. It also should not be mistaken for the original AIDS computer virus, for which AIDS II is a companion/successor.

Notes

  1. ^ Isolation date of AIDS is estimated to be near the time when AIDS was authored. The time that AIDS was authored is estimated to be sometime closely before the time AIDS derivatives were authored. The earliest known derivative of AIDS is Leprosy Archived November 10, 2006, at the Wayback Machine, authored in 1990. Thus, AIDS is believed to be authored and isolated in early 1990.

References