AIDS (computer virus)

From Wikipedia, the free encyclopedia

AIDS
Common name: AIDS
Technical name: AIDS
Aliases: AIDSB, AIDS-II, AIDS II, AIDS92, Hahaha, Taunt
Family: N/A
Classification: Virus
Type: DOS
Subtype: COM to EXE infector. Corrupter.
Isolation: circa 1990[1]
Point of isolation: Unknown
Point of origin: Unknown
Author(s): Doctor Dissector of Corrupted Programming International

AIDS is a computer virus written in Turbo Pascal 3.01a that overwrites COM files. AIDS is the first virus known to exploit the MS-DOS "corresponding file" vulnerability. In MS-DOS, if both foo.com and foo.exe exist, then foo.com will always be executed first. Thus, by creating infected COM files, AIDS ensures that its code is always executed before the intended EXE code.
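The COM-before-EXE behaviour described above also gives a simple audit check: any directory in which NAME.COM and NAME.EXE coexist deserves a look. The following is an added example, not part of the original article; the function names and the sample file layout are constructed for illustration.

```python
import os
import tempfile

def find_companion_pairs(root):
    """Return one record per place where NAME.COM and NAME.EXE coexist."""
    pairs = []
    for dirpath, _dirs, files in os.walk(root):
        com, exe = {}, {}
        for name in files:
            stem, ext = os.path.splitext(name)
            # DOS file names are case-insensitive, so compare lowercased.
            if ext.lower() == ".com":
                com[stem.lower()] = name
            elif ext.lower() == ".exe":
                exe[stem.lower()] = name
        for stem in sorted(com.keys() & exe.keys()):
            pairs.append({
                "dir": dirpath,
                "com": com[stem],   # the file that runs first
                "exe": exe[stem],   # the program the user meant to run
                "com_size": os.path.getsize(os.path.join(dirpath, com[stem])),
            })
    return pairs

def build_sample_tree(root):
    """Constructed sample data: harmless placeholder files, not real programs."""
    layout = {
        "APPS/GAME.EXE": b"placeholder exe",
        "APPS/game.com": b"placeholder com!",   # shadows GAME.EXE
        "APPS/EDIT.COM": b"lone com",           # no EXE sibling: not flagged
        "UTIL/TOOL.EXE": b"lone exe",           # no COM sibling: not flagged
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for p in find_companion_pairs(tmp):
            print(f"{p['dir']}: {p['com']} ({p['com_size']} bytes) shadows {p['exe']}")
```

A hit is a lead for review rather than proof of infection, since a directory can legitimately contain both files.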

When the AIDS virus activates, it displays the message:

[Image: AIDS computer virus payload screen]

In the message above, the word "AIDS" covers about half of the screen. The system is then halted, and must be powered down and rebooted to restart it.

The AIDS virus overwrites the first 13,952 bytes of an infected COM file. Overwritten files must be deleted and replaced with clean copies (available if you have made backups) in order to remove the virus. It is not possible to recover the overwritten portion of the program.

The AIDS II virus appears to be a more elegant revision of AIDS. AIDS II also employs the corresponding file technique to execute infected code. Even more sophisticated is nVIR's use of an additional code resource after patching the jump table.

The AIDS virus is not to be confused with the Aids Info Disk/PC Cyborg Trojan.

Notes

  1. The isolation date of AIDS is estimated to be near the time when AIDS was authored. The time that AIDS was authored is estimated to be shortly before the time AIDS derivatives were authored. The earliest known derivative of AIDS is Leprosy, authored in 1990. Thus, AIDS is believed to have been authored and isolated in early 1990.