Adolf Virus
Alias: 
Strain: ---
detected when: ---
where: ---
Classification: Resident, appending COM-file infector.
Length: 475 bytes on disk/memory

Preconditions
Operating System(s): MS-DOS
Version/Release: 2.xx and above
Computer model(s): IBM PC, XT, AT and compatibles
Caroname: Adolf

Attributes 
Easy identification: The code contains the text: " Adolf Hitler ", and the fourth byte will be an ASCII '5' = 35h.
Type of Infection:
 Starting an infected file will make the virus resident before executing the file correctly. At execion time of an uninfected file, the virus appends itself to the file's code.
 
Infection Technique: 
Infection Trigger: INT 21h load/execute function if the virus is active in memory.
Storage Media affected: 
Interrupts hooked: INT 21h functions 4Bh(load/execute) and 41h(delete), INT 24h.
Stealth: 
Tunneling/Selfprot: 
Oligo/Polymorphism: 
Encoding Method: 
Damage: Nothing except infection.
Damage Trigger: ---
Particularities: If the virus is active in memory and INT 21h function 41h is called, a deletion will only succeed if bits 0 and 1 of BIOS-parameter 046C (Timer) are not set both.
Similarities: ---

Agents
Countermeasures: Skulasons F-PROT 2.06a, McAfee SCAN V99.
Standard means: Reboot and delete infected files.

Acknowledgements
Location: Virus Test Center, University of Hamburg, Germany.
Classification by: Stefan Haack
Documentation by: Stefan Haack
Date: 01-FEB-1993
Information Source: Virus-code analysis