Syslock | |
---|---|
Type | File virus |
Creator | |
Date Discovered | 1988.11 |
Place of Origin | |
Source Language | |
Platform | DOS |
File Type(s) | .com, .exe |
Infection Length | 3,551 Bytes |
Reported Costs |
Syslock is an encrypted virus from 1988. It is a simple direct action infector of both .com and .exe files that replaces instances of the string "Microsoft" with "Macrosoft".
Behavior
When Syslock is executed, it searches the entire hard disk for .com and .exe files and appends itself to one random file. It searches for the string "microsoft" in any combination of upper or lower case characters and replaces it with "MACROSOFT". The virus will not infect files if it finds an environment variable named "SYSLOCK" set to the "@" character.
Variants
Advent
The first subvariant only replicates if it is on a .exe file and only infects .com files. These infected .com files will not produce a new virus when executed.
Advent.B fixes this problem. It is between 2,768 and 2,783 bytes. In December it will display four candles and play "Oh Tannenbaum" on the system speaker.
Cookie
This variant is 2,232 to 2,251 bytes long and originated in Europe in January of 1991. Systems infected with this variant may experience system hangs. It may also display the message "I want a COOKIE!".
Macho
This variant is almost entirely similar to the original, except that it replaces "microsoft" with "MACHOSOFT".
Sources
Patricia Hoffman. Online VSUM, "SysLock".