what is the smallest virus size

Discussion in 'NOD32 version 2 Forum' started by beethoven, Jun 9, 2005.

Thread Status:
Not open for further replies.
  1. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,150
    Just wondering whether anyone can tell me how small in bytes a virus can be? Is there any generally accepted minimum level, so that any unknown files of less than that can be considered safe ?
    I am asking because I received an alert from mailwasher of a possible virus. I am pretty sure it's a false alert and NOD does not show any concerns. The attachments are only between 151 bytes and 900 bytes. :doubt:
     
  2. gnervt

    gnervt Registered Member

    Joined:
    May 6, 2005
    Posts:
    53
    Location:
    Germany
    hi! 151-900 bytes are enough for an virus (com file). the smallest virus i have was 13 bytes - the smallest nod32 could identify from my collection was 128 bytes (material).
     
  3. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,150
    Interesting - thanks for that :)
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,409
    Functional threats in attachments must be much larger - the old COM viruses could not propagate via email ;-)
     
  5. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    Smalest virus is 4 bytes long :)
     
  6. Happy Bytes

    Happy Bytes Guest

    Yep :D It's a DOS trojan :D
    One of the most complex Trojan who was ever written :D

    F0|0F|C7|C8 <--- thats it :D (Doesn't do any harm to newer cpu's and does only lock some special older cpu types)

    Note: Thats only the Hexcode, so no danger by reading this post :D
     
    Last edited by a moderator: Jun 9, 2005
  7. gnervt

    gnervt Registered Member

    Joined:
    May 6, 2005
    Posts:
    53
    Location:
    Germany
    :D forgot that old F00F pentium bug :D
     
  8. ShunterAlhena

    ShunterAlhena Registered Member

    Joined:
    Aug 1, 2004
    Posts:
    134
    Location:
    Szigethalom, Hungary
    err... just wanted to constructively reply "Lets Wait for Happy Bytes aka Cool Daddy" when I spotted his post... :D This reminded me though... I never took the time to read anything about the F00F bug, but always wanted to ;) Now's the time!
     
  9. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    I was thinking of something like:

    8B DE CD 26 or B7 01 CD 26 or 87 DE CD 26 or 87 F3 CD 26 or 56 B5 CD 26 or FE C7 CD 26 :)
     
  10. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    Refresh your memory here
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.