mikes@aragon.stgt.sub.org (Michael Stribick) (05/18/91)
Hello! What kind of virus is the YANKEE DOODLE?? What happens to a infected PC??

Bye, mike
walker@aedc-vax.af.mil (William Walker C60223 x4570) (05/21/91)
Michael Stribick (mikes@aragon.stgt.sub.org) writes:

> What kind of virus is the YANKEE DOODLE ?? What happens to a (sic)
> infected PC ??

Yankee Doodle is a variant of a virus called Vacsina, both of which, along with Yankee Doodle-B, belong to the "TP" family of about 48 viri (last time I checked). The second to the last byte of an infected file is believed to be the "version number" of the virus. In the most common Yankee Doodle virus, this number is 2C hex, or 44 decimal, therefore the name "TP-44" which many virus scanners give it. The viri from about 25 (19 hex) earlier are called Vacsina, while the later ones are called Yankee Doodle.

When a program infected with Yankee Doodle is run, the virus becomes memory-resident. I'm not 100% sure when the infection takes place, but I believe that it occurs when a .COM or .EXE file is run. At a few seconds before 5:00 PM, most versions of the virus will play "Yankee Doodle" on the speaker. Some variants do not play music.

One interesting characteristic: some versions of Yankee Doodle hunt down some other viri, such as Ping and Cascade.

Hope this helps. For more info, see Patricia Hoffman's VIRUSSUM document.

Bill Walker ( WALKER@AEDC-VAX.AF.MIL ) |
OAO Corporation                        | "I think, therefore I am.
Arnold Engineering Development Center  |  Nah, I think not."
M.S. 120                               |  *POOF*
Arnold Air Force Base, TN 37389-9998   |