Name: Guerilla.199 Category: Viruses Description: Details Guerilla.1996 It is a harmless memory resident parasitic polymorphic and stealth virus. It hooks INT 21h and writes itself to the end of EXE files that are closed. While opening an infected file the virus disinfects it, while searching for files (FindFirst/Next) the virus decreases the returned file length - these are virus stealth routines. The virus does not infect several anti-viruses according to the string (two bytes per name): TBVIAVNANEVSFIF-IMFVSCQBIV When several file compressing utilities, anti-viruses and Windows are run, the virus disables its stealth routines. The list of these programs looks as follows: TBSCAN, TBSETUP, WIN, PKZIP, ARJ, RAR, LHA, ADINF. While installing memory resident the virus scans the system memory for memory resident anti-viruses TBAV, NAV and NEMESIS. If one is found, the virus terminates its installation routine. The virus also contains the text strings: NACSBT NIW PUTESBT PIZKP JRA RAR AHL FNIDA Guerilla 1996 PH TB*NAVNEM