Fandom

Malware Wiki

Zerobug

1,321pages on
this wiki
Add New Page
Comments0 Share

Virus.DOS.Zerobug.1536.a or Zerobug is a virus that runs on MS-DOS.

BehaviorEdit

When a file infected with Zerobug is executed, the virus uses the COSMPEC variable to look for COMMAND.COM. If it finds COMMAND.COM, it will infect files from directly from there. If not, the virus becomes memory resident. The virus prepends its 1,536 bytes to every .com file run. In a manner similar to Vienna, the virus marks infected files with the number 62 in the seconds field of the file's timestamp.

After a certain amount of time, the virus will replace any "0" displayed on the screen with an ASCII smiley face (ASCII character 01).

The "DIR" command shows the infected files with their original sizes.

VariantsEdit

Zerobug.B is 1,840 bytes long. It does not use COSMPEC to infect COMMAND.COM. This variant will only infect .com files that are copied.

NameEdit

Zerobug gets its name from the fact that it replaces all "0"'s with an ASCII smiley face. With antivirus vendors, it is almost universally known as "Zerobug', with a few very minor differences (some have a space between "Zero" and "bug").

Other FactsEdit

In spite of the fact that the virus sets an infected file's seconds timestamp to 62, it is in nearly every other way different from Vienna. Some virus researchers have remarked that the virus was poorly coded.

SourcesEdit

F-Secure Antivirus, F-Secure Virus Descriptions : Zero Bug.

Securelist, Virus.DOS.Zerobug.1536.a.

Patricia Hoffman. VSUM, Zero Bug Virus.

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.