Viral Rewind: Virus.DOS.Beda

-----------------------------------------------------------
. Beda.1301 is a DOS virus that infects only .COM files and tries to evade detection via temporarily disinfecting an infected file upon loading (subsequently reinfecting it when closed). Beda's name stems from the hexadecimal address it uses for reference in infected programs and in its TSR routine: "BEDh". The hexadecimal numbering system uses 16 digits (0-F) versus the standard decimal system (0-9). Several different variants of Beda exist; some play with the internal PC speaker, some delete files in a manner similar to Jerusalem, some just replicate/spread and this variant manifests itself with a video effect.

The payload: After a number of instances (6 to 13 typically), Beda.1301 when an infected file is run instead of returning to the DOS prompt displays a set of Red/Green/Blue bars moving vertically up and down the display. This effect persists until a key is pressed in which it will go away and return to the DOS prompt. After another number of instances however the payload will return.

-------------------------------