FANDOM



Rushhour is an early DOS file infector. In a similar manner to the Lehigh virus, it only infects one particular file. It is one of the few viruses from the year 1986.

BehaviorEdit

When a KEYBGR.COM file infected with Rushhour is introduced to a new system and executed, the virus becomes resident in the memory. The virus waits fifteen minutes to begin infecting after execution. When the user enters a directory with KEYBGR.COM, Rushhour will infect the file by appending its code to the file.

The virus only infects the file KEYBGR.COM, a German keyboard driver for MS-DOS. The virus may cause the computer to make sounds, sometimes described as a short "Pchchch" (probably similar to white noise, as the source on this is in German where the letters "ch" together produce a different sound) when keys are pressed. Whether or not this is intentional is unclear, but it may have been, as the virus may cause interference with the keyboard driver. It contains text strings inside the virus code:

  This program is a VIRUS program.
  Once activated it has control over alls
  ystem devices and even over all storage
  media inserted by the user. It continually
  copies itself into uninfected operating
  systems and thus spreads uncontrolled.
  The fact that the virus does not destroy any
  user programs or erase the disk is merely due
  to a philanthropic trait of the author......

VariantsEdit

Some versions of the virus contain a similar message in Dutch:

  Dit is een demonstratie van een zogenaamd computervirus.Het
  heeft volledige controle over alle systeem-componentenen alle
  harde schijven en in de drive(s) ingevoerdediskettes. Het
  programma kopieert zichzelf naar andere,nog niet besmette
  besturingssystemen en verspreidt zich opdie manier
  ongecontroleerd. In dit geval zijn er geenprogramma`s beschadigd
  of schijven gewist, omdat ditslechts een demonstratie is. Een
  kwaadaardig virushad echter wel degelijk schade aan kunnen richten.

This translates into, "This is a demonstration of a so-called computer virus. It has complete control over all system components all hard disks and in the drive(s) introduced diskettes. It copies itself to another uncontaminated program, and spreads in an uncontrolled manner. No program has been damaged and no disks were erased, because this is solely a demonstration. It would have been possible to create one that does damage, but that would be contrary to our goals."

NameEdit

The creator of the virus named it Rush Hour. The reason for this name was never made clear.

Antivirus AliasesEdit

  • Avast: Rush
  • AVG: Rush_Hour
  • Avira: VGEN/6291.512
  • Bitdefender: Rush_Hour.A
  • ClamAV: Vgen.6291
  • F-Prot: Rush_Hour.A
  • Kaspersky Lab: Virus.DOS.Rushhour.a
  • McAfee: Rush Hour.ow
  • Panda: RushHour.3128
  • RAVAntivirus: Rush_Hour.A
  • Sophos: Rushhour
  • Symantec: Rush Hour.B (d)
  • Trend Micro: RUSH_HOUR.A

Other FactsEdit

When Berndt Fix first planned the virus, he proposed several different possibilities for how it would work. A virus infecting .com as well as .exe files was proposed, but Fix decided against it when he considered the amount of space it would consume. Another possibility was a virus containing a 4500 character text on the dangers of viruses, but this was not done for the same reason.

SourcesEdit

Ralf Burger. Computer Viruses: A High-Tech Disease, pp. 137–144. Data Becker, GmbH, Düsseldorf; Abacus Software, Grand Rapids: 1987-1989. ISBN 1-55755-043-3

Funktion und Aufbau des Virus "RUSHHOUR". (German)

Kaspersky Labs, Virus.DOS.Rushhour.a.

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.