Fandom

Malware Wiki

Kela

1,321pages on
this wiki
Add New Page
Comments0 Share

Virus.DOS.Kela is a memory resident parasitic virus on DOS.

There are 16 variants, the smallest infection size is 690 bytes while that of the largest is 2,530 bytes.

BehaviorEdit

When the virus is loaded into memory, it hooks INT 21h and 22h, and infects any executable that is accessed.

Except Kela.690 and 823, the virus behaves stealthy and there will have no observable size change on infected files as long as the virus stays in memory. Additionally, the seconds field of the timestamp will be changed to "62" after infection. Under CHKDSK, infected files will be appeared with file allocation error due to the size change.

Kela.690Edit

This variant infects COMMAND.COM from June to the end of December only, after that it hangs the system and disables the keyboard input.

Kela.823Edit

This variant infects DOS executable only.

Kela.1735 and 2010Edit

These variants infect both types, but ignore files having the filename:

AIDSTEST

Kela.2530Edit

This variant infects C:\COMMAND.COM after loading into memory and before hooking interrupts.

Memory usageEdit

The following table shows the memory usage of the variants.

Variant Memory usage in bytes
Kela.690 Non-TSR
Kela.823 ?
Kela.1171 ?
Kela.1735 2,048
Kela.1904 2,224
Kela.2002 2,320
Kela.2007 2,320
Kela.2010 2,320
Kela.2018 2,336
Kela.2099 2,416
Kela.2122 2,432
Kela.2163 2,480
Kela.2520 2,832
Kela.2530 2,848
Kela.Chigi.2203 2,512
Kela.Chigi.2518 2,832

PayloadEdit

Kela.690Edit

From June to the end of December, if an infected program is run, the virus hangs the system. Since the virus targets only COMMAND.COM, the system can be used only from January to the end of May unless the infected files are cleaned.

Kela.Chigi.2518Edit

This variant displays a message in unknown language by random when an infected program is run.

VariantsEdit

The complete list of variants of the Kela family:

  • Virus.DOS.Kela.690
  • Virus.DOS.Kela.823
  • Virus.DOS.Kela.1171
  • Virus.DOS.Kela.1735
  • Virus.DOS.Kela.1904
  • Virus.DOS.Kela.2002
  • Virus.DOS.Kela.2007
  • Virus.DOS.Kela.2010
  • Virus.DOS.Kela.2018
  • Virus.DOS.Kela.2099
  • Virus.DOS.Kela.2122
  • Virus.DOS.Kela.2163
  • Virus.DOS.Kela.2520
  • Virus.DOS.Kela.2530
  • Virus.DOS.Kela.Chigi.2203
  • Virus.DOS.Kela.Chigi.2518

Other detailsEdit

Kela.823 contains the internal text string:

KELA lives Don KR. 1992

Kela.1171 contains the internal text string:

KELA

Kela.1735 contains the internal text strings:

AIDSTEST
KELA-9 lives all times 1992-93 
Alien

Kela.1904 contains the internal text strings:

Kela
COMEXE

Kela.2002 contains the internal text strings:

COMEXE
KELA lives all times 1993 ver
~~~~

Kela.2007, 2018, 2099, 2520, 2530 and Chigi.2518 contain the internal text string:

~~~~

Kela.2010 contains the internal text strings:

AIDSTEST
KELA-10 lives all times 1992-93 
Alien

Kela.2122 and Kela.2163 contain the internal text strings:

Eddie lives...somewhere in time!
(C) Dread Lord, 1993, 1994
Thanx to the Dark Avenger DDT -- LAME !
FotD -- RULEZ
~~~~

Kela.2163 also contains the internal text strings:

Eddie 2 or Infinite Dreams virus by FotD

Kela.Chigi.2203 contains the internal text strings:

ChigiVarez Lives SomeWhere in Net ...
~~~~

See alsoEdit

Kela-17

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.