Type Resident EXE-files infector
Creator  ?
Date Discovered 1993
Place Isolated Italy?
Date Isolated December 1994
Source Language  ?
Platform DOS
Infection Length
Reported costs

Xandu is a DOS memory resident computer virus.


Xandu.2385 works in DOS operating systems of version 5.0 and higher. It becomes memory resident at the top of system memory and uses interrupt 21. While installing memory resident the virus accesses Upper Memory as well as conventional one, then it hooks INT 21h and writes itself to the end of EXE files that are closed. While infecting a file it uses undocumented System File Tables and several undocumented DOS functions. While infecting the virus also creates the temporary file C:\BCDABKEH, infects, and then deletes that file. Depending on the current time and date it displays the messages:

XANDU Virus ! (C) 1993 By MTZ - Italy !

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.