what is the smallest virus size

Discussion in 'NOD32 version 2 Forum' started by beethoven, Jun 9, 2005.

Thread Status:
Not open for further replies.
  1. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    Just wondering whether anyone can tell me how small in bytes a virus can be? Is there any generally accepted minimum level, so that any unknown files of less than that can be considered safe ?
    I am asking because I received an alert from mailwasher of a possible virus. I am pretty sure it's a false alert and NOD does not show any concerns. The attachments are only between 151 bytes and 900 bytes. :doubt:
     
  2. gnervt

    gnervt Registered Member

    Joined:
    May 6, 2005
    Posts:
    53
    Location:
    Germany
    hi! 151-900 bytes are enough for an virus (com file). the smallest virus i have was 13 bytes - the smallest nod32 could identify from my collection was 128 bytes (material).
     
  3. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    Interesting - thanks for that :)
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Functional threats in attachments must be much larger - the old COM viruses could not propagate via email ;-)
     
  5. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    Smalest virus is 4 bytes long :)
     
  6. Happy Bytes

    Happy Bytes Guest

    Yep :D It's a DOS trojan :D
    One of the most complex Trojan who was ever written :D

    F0|0F|C7|C8 <--- thats it :D (Doesn't do any harm to newer cpu's and does only lock some special older cpu types)

    Note: Thats only the Hexcode, so no danger by reading this post :D
     
    Last edited by a moderator: Jun 9, 2005
  7. gnervt

    gnervt Registered Member

    Joined:
    May 6, 2005
    Posts:
    53
    Location:
    Germany
    :D forgot that old F00F pentium bug :D
     
  8. ShunterAlhena

    ShunterAlhena Registered Member

    Joined:
    Aug 1, 2004
    Posts:
    134
    Location:
    Szigethalom, Hungary
    err... just wanted to constructively reply "Lets Wait for Happy Bytes aka Cool Daddy" when I spotted his post... :D This reminded me though... I never took the time to read anything about the F00F bug, but always wanted to ;) Now's the time!
     
  9. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    I was thinking of something like:

    8B DE CD 26 or B7 01 CD 26 or 87 DE CD 26 or 87 F3 CD 26 or 56 B5 CD 26 or FE C7 CD 26 :)
     
  10. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    Refresh your memory here
     
Thread Status:
Not open for further replies.