Overview Edit

Jerusalem is a DOS file virus first detected in Jerusalem, Israel in October 1987.

How it works Edit

On infection, the Jerusalem virus becomes memory resident (using 2kb of memory), and then infects every executable file run, except for COMMAND.COM. .COM files grow by 1,813 bytes when infected by Jerusalem and are not re-infected. .EXE files grow by 1,808 to 1,823 bytes each time they are infected. The virus re-infects .EXE files each time the files are loaded until they are too large to load into memory. Some .EXE files are infected but do not grow because several overlays follow the genuine .EXE file in the same file. Sometimes .EXE files are incorrectly infected, causing the program to fail to run as soon as it is executed.

The program contains one destructive payload that is set to go off on Friday the 13th, all years but 1987. On that date, the virus deletes every program file that was executed. Jerusalem is also known as BlackBox because of a black box it displays during the payload sequence.

Jerusalem was initially very common (for a virus of the day) and spawned a large number of variants. However, since the advent of Windows, these DOS interrupts are no longer used, so Jerusalem and its variants have become obsolete.

This page uses Creative Commons Licensed content from Wikipedia (view authors). Smallwikipedialogo.png
Community content is available under CC-BY-SA unless otherwise noted.