Fandom

Malware Wiki

Lehigh

1,327pages on
this wiki
Add New Page
Comments0 Share

Lehigh is an early DOS virus that infects only COMMAND.COM. While it is a file virus, the fact that it only infects one particular file on each disk causes it to behave in a way similar to a boot sector virus.

BehaviorEdit

When a disk with an infected COMMAND.COM file is accessed, Lehigh installs itself in memory. Lehigh searches for a COMMAND.COM on other available disks. As a cavity infector, the virus fills an unused portion of the of the host file's code in its stack space, causing no increase in the host's size. It can infect another COMMAND.COM file if a DOS disk is inserted while the virus is in memory. Lehigh keeps an infection count in its body.

PayloadEdit

After 4 infections, the virus may overwrite the boot sector and file allocation table, preventing the computer from booting when restarted.

VariantsEdit

A few variants of this virus exist. Most of them only differ in the number of infections before the payload is triggered.

Other FactsEdit

Ken Van Wyk created some hype over the virus, but there is no evidence that it spread much beyond Lehigh University. Van Wyk would later start the VIRUS-L Usenet group.

A simple way to prevent the virus is to make COMMAND.COM a read-only file.

A virus named Diogenes contains a message saying "another fine product of the Lehigh Valley", possibly a reference to this virus.

NameEdit

Lehigh was named after Lehigh University, where it was first found. Today, this is in violation of the CARO naming scheme, but this virus predates that scheme by a few years.

Antivirus AliasesEdit

  • Avast: Lehigh
  • Avira: Lehigh #1 virus
  • Bitdefender: Virus.Lehigh
  • ClamAV: Lehigh.1
  • F-Secure: Virus.DOS.Lehigh [AVP]
  • Kaspersky: Virus.DOS.Lehigh
  • McAfee: Lehigh.dr
  • Symantec: Lehigh
  • Trend Micro: LEHIGH.DR

SourcesEdit

Peter Szor. The Art of Computer Virus Research and Defense, Chapter 3, Section 5.1, pp. 137, 198. Addison-Wesley, Pearson Education, Symantec Press; Upper Saddle River, New Jersey: 2005. ISBN 0321304543

McAfee Antivirus, Lehigh

Computer Break, Computer Sickness Reported - User Vigilance Required. 1988.01.15 (OWWCD)

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.