Common name | AIDS |
---|---|
Technical name | AIDS |
Aliases | AIDSB, AIDS-II, AIDS II, AIDS92, Hahaha, Taunt |
Family | N/A |
Classification | Virus |
Type | DOS |
Subtype | COM to EXE infector. Corrupter. |
Isolation | circa 1990[1] |
Point of isolation | Unknown |
Point of Origin | Unknown |
Author(s) | Dr. Joseph Popp |
AIDS is a computer virus written in Turbo Pascal 3.01a which overwrites com files. AIDS is the first virus known to exploit the MS-DOS "corresponding file" vulnerability. In MS-DOS, if both foo.com and foo.exe exist, then foo.com will always be executed first. Thus, by creating infected com files, AIDS code will always be executed before the intended exe code.
When the AIDS virus activates, it displays the following screen.
ATTENTION I have been elected to inform you that throughout your process of collecting and executing files, you have accidentally ¶HÜ¢KΣ► [PHUCKED] yourself over: again, that's PHUCKED yourself over. No, it cannot be; YES, it CAN be, a √ìτûs [virus] has infected your system. Now what do you have to say about that? HAHAHAHAHA. Have ¶HÜÑ [PHUN] with this one and remember, there is NO cure for AIDS
In the message above, the word "AIDS" covers about half of the screen. The system is then halted, and must be powered down and rebooted to restart it.
The AIDS virus overwrites the first 13,952 bytes of an infected com file. Overwritten files must be deleted and replaced with clean copies (available if you have made backups) in order to remove the virus. It is not possible to recover the overwritten portion of the program.
The AIDS II virus appears a more elegant revision of AIDS. AIDS II also employs the corresponding file technique to execute infected code.