Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
AIDS (computer virus)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
{{Short description|DOS computer virus}} {{distinguish|AIDS (Trojan horse)|CyberAIDS|HIV/AIDS}} {{Infobox computer virus | Fullname = AIDS | Common name = AIDS | Technical name = AIDS | image = Aids computer virus.png | Family = N/A | Aliases = AIDSB, AIDS-II, AIDS II, AIDS92, Hahaha, Taunt | Classification = [[Computer virus|Virus]] | Type = [[DOS]] | Subtype = {{ubl|[[COM file|COM]] to [[EXE]] infector|Corrupter}} | IsolationDate = {{circa}} 1989<ref>{{cite book | last=Feudo | first=Christopher V. | date=1992 | url=https://archive.org/details/computervirusdes0000feud/page/145/ | title=The Computer Virus Desk Reference | publisher=Business One Irwin | page=145 | isbn=9781556237553 | via=the Internet Archive}}</ref> | Isolation = Unknown | Origin = Unknown | Author = Unknown }} '''AIDS''' is a [[DOS]] [[computer virus]] which overwrites [[COM file]]s. ==Description== AIDS is the first virus known to exploit the [[MS-DOS]] [[COM file#Execution preference|"corresponding file"]] vulnerability. In MS-DOS, if the user enters {{code|FOO}} in the command interpreter, in a directory where both {{code|FOO.COM}} and {{code|FOO.EXE}} exist, then {{code|FOO.COM}} will always be executed. Thus, by creating infected [[COM file]]s, AIDS code will always be executed before the intended [[.exe|EXE]] file.<ref>{{cite book | last=Minasi | first=Mark | date=1993 | url=https://books.google.com/books?id=_-6b677ypPgC | title=Inside MS-DOS 6.2 | publisher=New Riders Publications | page=98 | isbn=9781562052898 | via=Google Books}}</ref> When the AIDS virus activates, it displays the following screen (bracketed comments not in original):<ref>{{cite web | last=Gorton | first=Thomas | date=July 15, 2014 | url=https://www.dazeddigital.com/artsandculture/article/20835/1/the-computer-virus-catalog-depicts-the-worlds-worst-malware | title=The Computer Virus Catalog depicts the world's worst malware | work=Dazed | publisher=Dazed Media | archiveurl=https://web.archive.org/web/20140717090318/https://www.dazeddigital.com/artsandculture/article/20835/1/the-computer-virus-catalog-depicts-the-worlds-worst-malware | archivedate=July 17, 2014}}</ref> <blockquote> {{mono|ATTENTION: I have been elected to inform you that throughout your process of collecting and executing files, you have accidentally ¶HÜ¢KΣ► <nowiki>[</nowiki>[[:wikt:phuck|phucked]] in [[leet]]<nowiki>]</nowiki> yourself over: again, that's PHUCKED yourself over. No, it cannot be; YES, it CAN be, a √ìτûs [virus] has infected your system. Now what do you have to say about that? HAHAHAHAHA. Have ¶HÜÑ [phun] with this one and rememember, there is NO cure for [[HIV/AIDS|AIDS]]}} </blockquote> In the message above, the word "AIDS" covers about half of the screen. The system is then halted, and must be powered down and rebooted to restart it.<ref>{{cite book | last=Feudo | first=Christopher V. | date=1992 | url=https://archive.org/details/computervirusdes0000feud/page/145/ | title=The Computer Virus Desk Reference | publisher=Business One Irwin | pages=145–146 | isbn=9781556237553 | via=the Internet Archive}}</ref> The AIDS virus overwrites the first 13,952 [[byte]]s of an infected COM file. Overwritten files must be deleted and replaced with clean copies in order to remove the virus. It is not possible to recover the overwritten portion of the program.<ref name=p146>{{cite book | last=Feudo | first=Christopher V. | date=1992 | url=https://archive.org/details/computervirusdes0000feud/page/145/ | title=The Computer Virus Desk Reference | publisher=Business One Irwin | page=146 | isbn=9781556237553 | via=the Internet Archive}}</ref> == AIDS II == {{Infobox computer virus | Fullname = AIDS II | Common name = AIDS 2 | Technical name = AIDS II.8064 | Family = AIDS II | Aliases = AIDS-II, Aids.8064, AIDS_8064, AIDS_II.8064 | Classification = [[Computer virus|Virus]] | Type = [[DOS]] | Subtype = [[EXE]] to [[COM file|COM]] companion<br />General nuisance | IsolationDate = April 1990 | Isolation = Unknown | Origin = Unknown | Author = WOP & PGT of DutchCrack }} '''AIDS II''' is a companion computer virus, which infects [[COM file]]s. First discovered in April 1990, it appears to be a more elegant revision of AIDS, which also employs the corresponding file technique to execute infected code.<ref name=p146/> Unlike generic file infectors, AIDS II is the second known virus to use the "corresponding file technique" of infection (after the original AIDS), and the first to use this technique in a way that does not modify the original target EXE file. AIDS II works by first finding an uninfected EXE file in the [[working directory]] and then creating a companion COM file with the viral code. The COM files will always be 8,064 [[byte]]s in length, with a timestamp corresponding to the time of infection. After creating the new COM file, the virus then plays a loud note, and displays the following message:<ref name=p146/> <blockquote> {{mono|Your computer is infected with ... }} :{{mono|❤Aids Virus II❤}} {{mono|- Signed WOP & PGT of DutchCrack -}} </blockquote> AIDS II then executes EXE file the user intended to execute without incident. Once that program is exited, control returns to the virus. The note is replayed, with a new message displayed:<ref name=p146/> <blockquote> {{mono|Getting used to me? Next time, use a Condom .....}} </blockquote> Since the EXE file is unchanged, [[cyclic redundancy check]]s, such as those present in [[antivirus software]], cannot detect this virus having infected a system. A way to remove AIDS II manually is to check for EXE files with an identically named COM file 8,064 bytes in length. Those COM files can be deleted.<ref name=p146/> According to Symantec, AIDS II may play a melody and display the following [[Character string (computer science)|string]]:<ref>{{cite web | last=Staff writer | date=1995 | url=http://securityresponse.symantec.com/avcenter/venc/data/aids.ii.html | title=AIDS_II | work=Symantec Security Response | publisher=Symantec Corporation | archiveurl=https://web.archive.org/web/20021020202252/http://securityresponse.symantec.com/avcenter/venc/data/aids.ii.html | archivedate=October 20, 2002}}</ref> <blockquote> {{mono|Your computer is infected with AIDS VIRUS II}} </blockquote> == References == {{reflist|colwidth=30em}} == External links == {{External media|video1=[https://www.youtube.com/watch?v=tckwz0ZS3Zo AIDS virus demonstrated on a real computer] by [[danooct1]]}} *{{cite web | last= | first= | date= | url=http://vil.nai.com/vil/content/v_98149.htm | title=AIDS 2 | publisher=McAfee, Inc. | archiveurl=https://web.archive.org/web/20081215115220/http://vil.nai.com/vil/content/v_98149.htm | archivedate=December 15, 2008}} [[Category:DOS file viruses]]
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)
Pages transcluded onto the current version of this page
(
help
)
:
Template:Cite book
(
edit
)
Template:Cite web
(
edit
)
Template:Code
(
edit
)
Template:Distinguish
(
edit
)
Template:External media
(
edit
)
Template:Infobox computer virus
(
edit
)
Template:Mono
(
edit
)
Template:Reflist
(
edit
)
Template:Short description
(
edit
)