OS2.AEP
=======
          is a harmless nonmemory resident parasitic NewEXE (OS/2) virus.
          It searches for EXE and DLL files, checks them for an NE stamp,
          then checks the OS/2 marker in the NewEXE header. Next, the
          virus obtains the number of the code segment that is the entry
          point segment, shifts down all other segments, then increases the
          length of the entry point segment, and writes its code there. Then
          the virus fixes the relocation and name tables and returns the control
          to the host program.

Clean File               Infected File
+----------------+        +----------------+
İMZ DOS Header   İ        İMZ DOS Header   İ
İ----------------İ        İ----------------İ
İNE NewEXE Headerİ        İNE NewEXE Headerİ
İ----------------İ        İ----------------İ
İSystem Tables   İentryİ  İSystem Tables   İ
İ----------------İpointİ  İ----------------İ
İSeg 1           İ<----+  İSeg 1           İ<--+
İ                İ        İ                İ   İ
İ----------------İ --+    İ- - - - - - - - İ<---- entry point
İSeg 2           İ   İ    İVirus           İ   İ
İ----------------İ   İ    İ                İ---+ returns to original
. . .               +--> İ----------------İ     entry point
İ----------------İ        İSeg 2           İ
İSeg n           İ        İ----------------İ
+----------------+ --+     . . .
İ    İ----------------İ
İ    İSeg n           İ
+--> +----------------+

    This is the first known virus that affects OS/2 files in the "right way" - it writes itself to the file and modifies
    the NewEXE header and other system areas.

    While infecting a file, the virus uses the system calls:
    DosAllocSeg DosFreeSeg DosChgFilePtr DosClose DosFindFirst DosFindNext
    DosOpen DosRead DosWrite

   The virus contains the text strings:

     (C) 1995 American Eagle Publications Inc., All rights reserved.
     *.EXE *.DLL DOSCALLS



OS2.Jiskefet
==========
     It is a harmless nonmemory resident parasitic virus. It searches for NewEXE
     (LX) files, reads 2048 (800h) bytes from the file beginning, writes that data
     to the end of the file, and then writes itself to 2048 bytes of the file header.
     Then the virus creates a temporary file, copies the host file there, disinfects
      and executes that file. Then the virus returns control to the system.

    While searching and infecting the files, the virus uses OS/2 calls:

    DosExit DosChgFilePtr DosClose DosDelete DosFindClose DosFindFirst
    DosFindNext DosNewSize DosOpen DosGetEnv DosRead DosWrite DosExecPgm

    The virus contains the text strings:
      Jiskefet
      DOSCALLS
      *.EXE
      MK




OS2.MyName
===========
        This is a very dangerous, non-memory resident overwriting
        OS/2 virus. It is the first known virus infecting OS/2
         executable files. Upon execution, it obtains the name of the
         host file, reads its code from there, then searches for NewEXE
        (LX) files and overwrites them. While infecting a file, the virus
          uses OS/2 calls:

         DosExit DosClose DosFindFirst DosFindNext DosOpen DosGetEnv DosRead
         DosWrite

     and displays the messages:

        My name is
         --> infected

      The virus also contains the text string:

        VIRUS
        DOSCALLS
        *.EXE