Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » Junkie

Overview

Threat Risk LOW LOW
Destructivity LOW LOW
Payload
Detection files published
Description created 11 Dec 1999 03:00:00
Description updated 08 Nov 2001 02:23:00
Malware type VIRUS
Alias
Spreading mechanism FILE_INFECTION
UNKNOWN
Summary None

Junkie

Spreading

When you are infected with the Junkie virus the amount of available memory will decrease. Some programs will show the message "Program too big to fit in memory" when they are executed.

If you run CHKDSK it will report a loss of 3072 bytes of total system and available memory. CHKDSK will normally report 655.360 bytes.

Some programs may experience troubles running because of the alteration of the file (see description below).

Junkie infects in two ways, either by running an infected file, or by booting from an infected diskette. First it will only infect Master Boot Record (MBR) on the hard disk, and do nothing more before the machine is rebooted from the hard disk. Later the virus will infect diskettes at reading, and COM-files that are executed or opened (for instant by a scanner).

It is not necessary with a successful reboot to be infected. In addition, Junkie disables Vsafe, a TSR-program (terminate-and-stay-resident) which is included in MS-DOS 6.x.

The virus may also infect some files with the extension .CO_ and .COW. This happens because the virus may just check the beginning of the extension before infection, and not the entire extension.

The virus does not infect files smaller then 4,096 bytes or bigger then 60,000 bytes. Since the virus infects accessed COM-files it will also infect files with the extension *.COM, but which has an EXE-structure. The virus will not infect all EXE-files, only *.COM-files that has been renamed to *.EXE. When Junkie infects an EXE-file, believing it is a *.COM-file, the file will be destroyed.

Payload Details

n/a

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:15