Xph | |
---|---|
Type | File virus |
Creator | |
Date Discovered | MAY-1993 |
Place of Origin | |
Source Language | Assembly |
Platform | DOS |
File Type(s) | .com, .exe |
Infection Length | 1,100 (.com) 1,114 (exe) 1,168 (memory) |
Reported Costs |
Xph is a file infecting DOS virus from 1993.
When the Xph virus is executed, it installs itself at the top of system memory below the 640 kilobyte DOS boundary. It takes up 1,168 bytes in memory. Xph then checks COMMAND.COM to see if it has been previously infected and infects it if not. The virus infects .com and .exe files as they are executed or even opened, appending itself to the end of the file. A .com file will increase in size by 1,100 bytes, and an .exe will increase by 1,114 bytes.
It may cause the system to hang. It appears to have no other issues or deliberately destructive payload. Infected files can be identified with the text "XPH" and "ASCECLHVSRVINWI", the latter being near the end of the file.
Variants
Several variants appeared, mostly similar to the original, varying only in infection size or in the text found in the virus. These include Xph.1029, Xph.1032, Xph.2012, and Xph.DR&ET. Xph.2012 contains the text "(C) 08/09/93 by McAfee Associates.ASCECLHVSPF-ACPRVINWI". Xph.DR&ET contains the text "(c) 23.5.3945 / DR & ETASCECLHVSPF-ACPRVINWI ".
Sources
Patricia Hoffman. Online VSUM, XPH Virus.