Jerusalem (computer virus)

The Jerusalem virus is a computer virus that was first discovered in October 1987 in Jerusalem. After the infection, it is memory resident and infects all. COM and. Exe files except COMMAND.COM. . COM files after infection, 1,813 bytes long and are not re- infected again. . Exe files with each infection 1808-1823 bytes larger and as long as newly infected until they can no longer be loaded into memory. Sometimes EXE files. Infected incorrect, causing crash these programs once they are executed.

The code itself clings to the interrupt processing and other DOS services, for example deletes the virus, the output of console messages if it was the virus, for example, not a file on a read-only medium to infect such as a floppy disk. One of the indications of infecting the computer is the misspelling of the known message " Bad command or file name " as " Bad Command or file name ".

The virus includes a destructive and non-destructive damage part. The destructive damage part is it designed to enable every Friday the 13th except in 1987. On this date, the virus will delete all program files.

In the non- destructive damage part, the virus is reduced 30 minutes after its infection, the rate of PC -XT systems to about one fifth of its normal power by inserting a loop of each timer interrupt. In addition, the virus produces a black window ' by 5 to line 16, column shifts, line 5, column 16 on the screen two lines to the top.

Jerusalem was initially very common nowadays and there emerged a large number of variants. Since the advent of Windows, the DOS interrupts that Jerusalem used no longer used, which is why Jerusalem and its variants disappeared very quickly.

Aliases

Variants

Get Password 1 (GP1 )

This Novell NetWare specific virus, discovered in 1991, the passwords from the NetWare DOS Shell tries to collect, which then sends it to a specific socket on the network, where a tool can read it

Suriv viruses

The Suriv viruses are earlier, more primitive versions of Jerusalem. Suriv 1 and 2 solve on April 1, Suriv 3 on a Friday the 13th from.

Sunday ( Jeru -Sunday )

Files that were infected from Sunday to grow by 1,636 bytes.

Every Sunday shows the viral one of those texts at a distance of 30 minutes.

  • Today is SunDay! Why do you work so hard?
  • All work and no play make you a dull boy!
  • Come on! Let's go out and have some fun!

The variant was designed to delete all programs, however, prevented this bug.

Sunday has different variants.

  • Sunday.a - The version described above.
  • Sunday.b - to delete a version of Sunday with a working routine for the programs.
  • Sunday.1.Tenseconds - How Sunday.a, but the interval between the messages is now 10 seconds.

PQSR

PQSR leaves infected files grow by 1,720 bytes. On the 13th of each month, the virus deletes any programs on your PC. The master boot record and the nine sectors after the MBR will be overwritten. The virus used " PQSR " as a self- detecting code.

Jeruspain ( Jeru - Spanish)

If the virus is memory resident, it will delete all programs on the 26th of each month.

Brother

Frère Jacques Frère plays on Fridays or on the 13th of the month.

Jerusalem -113

Do not run on Saturdays. The virus PHENOME.COM out in the infection, but infected for COMMAND.COM

Jerusalem Apocalypse

Jerusalem Apocalypse contains the text "Apocalypse! ". If the virus is memory resident, it deletes any program which on a Friday the 13th is executed.

Jerusalem -T1

If the virus is memory resident, it will delete any executable file on a Tuesday the 1st

Jerusalem Frère.2

Jerusalem Brother plays Frère Jacques once per minute. A variant with the name Two Tigers playing the same piece.

Jerusalem - Nemesis

The virus NEMESIS.COM rather than COMMAND.COM, and infected COMMAND.COM instead. Jerusalem - Nemesis contains the string " NEMESIS.COM ".

Jerusalem - Captain Trip

Jerusalem - Captain Trip contains the string " Captain Trips " and " SPITFIRE ".

If the year is not 1990 and the day on a Friday or a day after the 15 's and run a program created Jerusalem - Captain Trip an empty file with the program name. At various other data it installs a routine in the timer tick, which is activated after 15 minutes. On 16 programmed Jerusalem - Captain Trip the video controller. Jerusalem - Captain Trip has several errors.

Jerusalem - Yellow

Jerusalem Yellow does not infect. EXE files. All infected files are 1363 bytes long.

45 minutes or 4,096 keystrokes after the virus has been loaded into memory, Jerusalem Yellow created a large yellow rectangle with a shadow in the middle of the screen and the computer freezes.

Mendoza ( Mendoza Jerusalem )

The virus makes in the years 1989 and 1990, nothing.

In all other years, a flag is set when the virus is memory resident and is the position of the disk motor 25. The flag is set when a program is run from a floppy disk.

If the flag is set, any program which is executed is deleted.

If the flag is not set, the cursor is within 30 minutes to form a block. After one hour, Caps Lock, Num Lock and Scroll Lock off.

Other variants

  • Jerusalem.1244
  • Jerusalem.1808.Standard
  • Jerusalem.Mummy.1364.a
  • Standard.SuMsdos
  • Standard.Var
  • Standard.AA33CCDDEE
  • Standard.UMsDos
  • Standard.null
  • Standard.Nocommand
  • Jan25
  • A
  • Anarkia.2
  • Puerto
  • Spanish
  • Messina
  • Ffd
  • 1af
  • Critical
  • Flag_ee,
  • * a204 *
  • Frère2
  • Frère3
  • 2E7
  • Not13
  • B0f
  • Phenomen
  • 52f
  • 7C01
  • 6d46
  • JVT1
  • J
  • Friday15
  • 3503
  • Feb- 7th
  • Nov30
  • SUMFDos
  • Skism
  • 5a4
  • 65d6
  • BSA
  • Dragon.
  • Lee Morton 's Lover
436539
de