Virus.DOS.Vanitas or Vanitas is a dangerous memory resident parasitic encrypted virus that runs on MS-DOS.

It has 5 variants:

  • Virus.DOS.Vanitas.2040 (plus B)
  • Virus.DOS.Vanitas.3712 (A, B and C)


When the virus is in memory, it hooks INT 21h and writes itself to the end of EXE files that are accessed. The virus does not infect the files: EMM386, SCAN, F-PROT. While installing memory resident the virus also infects the C:\WINDOWS\COMMAND.COM and C:\COMMAND.COM files (they are of EXE format in DOS 7.x).

The virus has a bug and may halt the system while installing memory resident.

Payload Edit

On March 27 the virus manifests itself by a video effect.

Other details Edit

Debugging is required in order to let the virus to install itself into memory.

The virus contains the text strings:

VANITAS++ v2.0 GR(c)97 by ANAX.
[E-75] goes to Hell. Have a nice death...


Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.

Also on FANDOM

Random Wiki