|Place of Origin||Madrid, Spain|
|Platform||DOS, MS Windows|
|Infection Length||7,167 bytes|
Gollum is a 16-it virus by GriYo. It can infect Windows and DOS .exe files. GriYo described it as the first DOS/Windows hybrid ever. It appeared in the second issue of 29A magazine. Gollum is named for a creature that appears in the "Lord of the Rings" book and movie series.
When Gollum is first executed, it drops the file GOLLUM.386 in the system folder. It adds the line 'DEVICE=GOLLUM.386' to the system.ini file (this file served a similar function to the registry in very early versions of Windows) ensuring it will be loaded as a device driver the next time the system starts.
When the system restarts, the virus becomes memory resident as a virtual device driver. Every time an .exe file is executed from a DOS window, the virus infects it appending its code to the file. The virus is encrypted with a simple NOT operation. In an effort to avoid antivirus products, it does not infect files with the letter "v", or beginning with "TB".
GoLLuM ViRuS by GriYo/29A Deep down here by the dark water lived old Gollum, a small slimy creature. I dont know where he came from, nor who or what he was. He was a Gollum -as dark as darkness, except for two big round pale eyes in his thin face. J.R.R. ToLkieN ... The HoBBit
Unlike most of GriYo's creations, this virus is not named after a plant or animal virus. A Gollum is a creature in the Lord of the Rings books. It is also a genus of shark and a species of freshwater fish found in New Zealand. The word may also be related to Golem, a stone or clay being from Jewish folklore.
GriYo. 29A Magazine, Issue 2, GoLLuM ViRuS.
McAfee Antivirus, GOLLUM.7167.