high
Summary
Summary
Action- More Information
| Detected by | All Sophos products |
|---|---|
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing infected executable files.
More Information
Jerusalem is one of the first known viruses and has gained a lot of notoriety in the press due to its trigger date and its destructive payload.
The infection technique is quite primitive. Jerusalem is unable to recognize an infected EXE file and will continue infecting the same file over and over again. The size of infected EXE files are increased by 1808 bytes on each infection. COM files are infected only once and the virus avoids the COMMAND.COM file.
Jerusalem has two payloads, one non-destructive and one destructive.
In the non-destructive payload, tiggered after the system has been infected for 30 minutes, row 5 column 5 to row 16 column 16 on the screen are scrolled up two lines, creating a `black window', then the system slows down due to a time-wasting loop installed on each timer interrupt.
The destructive payload is triggered on Friday 13th, as long as the year is not 1987, and deletes every program run.
|
