%%File: VIRS0274.TXT
%%Name/Aliases: Dark Avenger, Dark Avenger-B, Black Avenger, Diana, Eddie, Rapid Avenger, Apocalypse-2, CB-1530, Milana, MIR, Outland, Ps!ko, Zeleng, Rabid, Jericho, Uriel, Dark_Avenger.1800.A
%%Platform: PC/MS-DOS
%%Type: Program.
%%Disk Location: COM application, EXE application, program overlay files, COMMAND.COM.
%%Features: Memory resident; TSR.
%%Damage: Corrupts a program or overlay files. Overwrites sectors on the hard disk.
%%Size: 1800
%%See Also: Zero Bug
%%Notes: Infects every executable file that is opened. .COM and .EXE files are corrupted on any read attempt, even when VIEWING!!! Every 16th infection, it overwrites a block of the hard disk with a copy of the boot block.

The virus construction kit may have used the Dark Avenger as a basis. This virus may have been based upon the Zero Bug virus. Copies of the virus source code appear to have been passed out to others, resulting in the different variants. The Rabid virus swapped 2 instructions, located in the center of a search string used by a well-known scanner.

Damaged files have "Eddie lives...somewhere in time" in them.
Strings in infected files: "Eddie lives...somewhere in time" at the beginning and "This Program was written in the City of Sofia (C) 1988-89 Dark Avenger" near the end of the file.

v6-147: (quote) Do you know what a Dark_Avenger.1800.A infection looks like? Every program that the user has executed or opened (read or copied) is infected. Additionally, if the payload has activated, the virus has botched the hard disk here and there with sectors that contain the first 512 bytes of its body. Those sectors could be in a file, or in a subdirectory, or in the free disk space. Do you imagine how much time it will take to find all of them and determine to which files they belong on a reasonably large hard disk? On the other side, it will permit finding not only the infected files, but also the corrupted ones - but this is valid only for this particular virus.

And do you know what will happen after the user runs a disinfector? The virus will be truncated, the file beginning will be restored, but the virus body will most probably remain in the freed disk space. The next time the user runs your sector scanner, it will take exactly as much time as on an infected system - because it will continue to find the scan string here and there and will have to waste its time to compute that those sectors don't actually belong to files.

v6-151: At least one anti-virus program can detect and remove Dark Avenger (1800.F, 1800.G, 1800.H, 1800.I, 1800.Rabid.B, 2000.Copy.C, 2000.DieYoung.B, 2100.DI.B, Jericho and Uriel).