PalmOS/Phage.963

Type: Virus
SubType: PDA Device
Discovery Date: 09/21/2000
Length: 1,325 bytes
Minimum DAT: 4097 (09/27/2000)
Updated DAT: 4097 (09/27/2000)
Minimum Engine: 5.1.00
Description Added: 09/21/2000
Description Modified: 10/19/2000 10:18 AM (PT)
Risk Assessment (Corporate User): Low
Risk Assessment (Home User): Low

Characteristics

McAfee AVERT discovered this virus Sept 21, 2000.

This is the first virus designed for PalmOS.

When an infected application is run, the screen is filled with a dark gray box and then the program terminates. This virus will infect all third-party applications on the PDA device. It overwrites the first section in the host .PRC file.

In testing, when a new program is copied to the Palm system via IR transfer, this program will execute normally. If another application which is already infected is run, the newly transferred file will then become infected.

Symptoms

An attempt to launch an application fills the screen with a dark gray box pattern, and the application then closes. The desired application fails to launch.

Method of Infection

This virus will directly infect other PalmOS applications. Launching this program either accidentally or intentionally will result in the actions mentioned in the characteristics section of this description.

This virus copies its body to the 'code 1' resource of any other apps it finds. The original resource section is replaced with the virus code, so an infected application can be smaller than the same program was prior to infection.

Removal

Delete any file which contains this detection. Also delete phage.prc, if it exists, from your Palm backup folder on your PC so you don't re-sync it back to your Palm. This second step is necessary since the backup bit is set for phage.

Recovery from this threat requires a hard-reset followed by a hot-sync of the PDA device.
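An added example, not part of the original description: a check for .PRC files in the desktop backup folder that reports whether the backup bit is set and whether the 'code 1' resource differs from a known-good copy of the same application. It assumes the standard PRC layout (78-byte big-endian header, 10-byte resource entries, backup attribute 0x0008); the function names and both sample files are constructed for illustration.

```python
import hashlib
import struct

HDR = struct.Struct(">32sHHIIIIII4s4sIIH")   # 78-byte PRC/PDB header, big-endian
ENTRY = struct.Struct(">4sHI")               # resource entry: type, id, data offset
ATTR_RESDB, ATTR_BACKUP = 0x0001, 0x0008     # resource-database and backup bits

def inspect_prc(data):
    """Return name, backup bit, and size/SHA-256 of the 'code' 1 resource."""
    if len(data) < HDR.size:
        raise ValueError("too short for a PRC header")
    fields = HDR.unpack_from(data)
    attrs, count = fields[1], fields[-1]
    table_end = HDR.size + count * ENTRY.size
    if not attrs & ATTR_RESDB or table_end > len(data):
        raise ValueError("not a resource database or truncated resource list")
    entries = [ENTRY.unpack_from(data, HDR.size + i * ENTRY.size) for i in range(count)]
    info = {"name": fields[0].split(b"\0")[0].decode("latin-1"),
            "backup_bit": bool(attrs & ATTR_BACKUP), "code1_size": None, "code1_sha256": None}
    for i, (rtype, rid, start) in enumerate(entries):
        if (rtype, rid) != (b"code", 1):
            continue
        # A resource runs up to the next entry's offset, or to end of file.
        end = entries[i + 1][2] if i + 1 < count else len(data)
        if not table_end <= start <= end <= len(data):
            raise ValueError("resource offsets out of range")
        info["code1_size"] = end - start
        info["code1_sha256"] = hashlib.sha256(data[start:end]).hexdigest()
    return info

def code1_changed(known_good, suspect):
    """True when the 'code' 1 resource differs from the known-good copy."""
    return inspect_prc(known_good)["code1_sha256"] != inspect_prc(suspect)["code1_sha256"]

def build_prc(name, attrs, resources):
    """Constructed sample input: a minimal PRC from [(type, id, data), ...]."""
    off = HDR.size + len(resources) * ENTRY.size + 2
    head = HDR.pack(name, attrs, 1, 0, 0, 0, 0, 0, 0, b"appl", b"TEST", 0, 0, len(resources))
    table, body = b"", b""
    for rtype, rid, blob in resources:
        table += ENTRY.pack(rtype, rid, off + len(body))
        body += blob
    return head + table + b"\0\0" + body

# Constructed samples: arbitrary filler bytes stand in for real resource contents.
REST = [(b"tAIN", 1000, b"Sample\0")]
CLEAN = build_prc(b"SampleApp", ATTR_RESDB, [(b"code", 0, b"\0" * 24), (b"code", 1, b"A" * 2000)] + REST)
MODIFIED = build_prc(b"SampleApp", ATTR_RESDB | ATTR_BACKUP, [(b"code", 0, b"\0" * 24), (b"code", 1, b"B" * 900)] + REST)
```

Run against each .prc in the backup folder, comparing with the vendor's original download; a changed 'code 1' hash, especially alongside a smaller resource, marks a file to delete before the next HotSync.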

Variants

  • PalmOS/Phage.1325.dr

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

  • Palm Virus
  • Palm.Phage.Dropper
  • Phage 1.0
