Some Common PC-DOS Viruses and What They Mean To You1.9 The Dark AvengerThe Dark Avenger, sometimes called the Eddie virus, is the most subtly destructive of the viruses we will discuss here. Like the other file-infecting viruses we've seen, the first time an infected file is run, it loads itself into memory, and remains there until the next reboot or power off. As well as infecting files that are executed, the Dark Avenger will infect files that are opened (for reading or writing), renamed, or operated on in any of a number of other ways. Approximately every 16 executions of an infected program, it will overwrite a random sector of the disk the program was run from with the string "Eddie lives...somewhere in time!" followed by part of the body of the virus.
1.9.1 SpreadThe Dark Avenger can spread through the same channels as the 1813. Because it infects files under more conditions than the 1813, it can become widespread within a single machine faster. Any operation (such as many kinds of backups, disk searches, and so on) that opens many files can spread the virus very quickly to many programs on an infected machine. This increases both the chance that it will spread to another machine, and the chance that it will be detected (since more files will be changing).
1.9.2 SymptomsThe only symptoms of the Dark Avenger that are likely to be noticed without an anti-virus program are the growth in size of files, the occasional appearance of the "Eddie..." message inside files, and general system malfunction (caused by the overlaying of programs with the virus message). The latter two effects may go unnoticed, or be blamed on hardware, for some time, especially if the disk is not very full (because then the sectors overwritten will generally be unused).
1.9.3 DamageBecause the virus writes its message to random sectors on the disk, cleaning up after a Dark Avenger infection can be tedious; every file on disk and diskette must be checked for the virus message (and, of course, all files should be checked for the virus itself), and restored from somewhere if found to be damaged.
1.9.4 ProtectionAgain, any good anti-virus program should provide protection against the Dark Avenger; an anti-virus program that does not know about the Dark Avenger can actually cause an infection to spread faster, if it opens many files for scanning while the virus is in memory. But other sorts of protection programs (that do not allow programs to run if they have been altered, for instance) should have no trouble against this virus.[ Top of Page | Previous Page | Next Page | Table of Contents ] |