Virus.DOS.Vanitas or Vanitas is a dangerous memory resident parasitic encrypted virus that runs on MS-DOS.

It has 5 variants:

  • Virus.DOS.Vanitas.2040 (plus B)
  • Virus.DOS.Vanitas.3712 (A, B and C)


When the virus is in memory, it hooks INT 21h and writes itself to the end of EXE files that are accessed. The virus does not infect the files: EMM386, SCAN, F-PROT. While installing memory resident the virus also infects the C:\WINDOWS\COMMAND.COM and C:\COMMAND.COM files (they are of EXE format in DOS 7.x).

The virus has a bug and may halt the system while installing memory resident.

Payload Sunting

On March 27 the virus manifests itself by a video effect.

Other details Sunting

Debugging is required in order to let the virus to install itself into memory.

The virus contains the text strings:

VANITAS++ v2.0 GR(c)97 by ANAX.
[E-75] goes to Hell. Have a nice death...