Malware type: DOS

Aliases: Jeru.Czech(Symantec), Jerusalem-1730(Sophos), Virus.DOS.Jerusalem.1730(Kaspersky), Czech-B(Avira), Jerusalem.1735.A(F-Prot), Jeru.b(McAfee)

In the wild: No

Destructive: No

Language: English

Platform: Windows

Encrypted: No

Overall risk rating:


This nondestructive, memory-resident virus infects .COM files and runs only in MS-DOS.

For additional information about this threat, see:

Description created: Nov. 6, 2000 11:40:20 AM GMT -0800
Description updated: Oct. 25, 2002 11:55:07 PM GMT -0800


Size of malware: 1,737 Bytes

Initial samples received on: Oct 3, 1995


This DOS virus infects .COM files that are executed. It stays resident in memory by allocating space for itself and hooking interrupts 21h and 08h.

When a .COM file is executed, this virus prepends its viral codes to the executed file, shifting the rest of the file towards the end. It preserves the infected file's time and date stamp and attributes.


Minimum scan engine version needed: 5.200

Pattern file needed: 0.200.00

Pattern release date: Oct 3, 1995

Important note: The "Minimum scan engine" refers to the earliest Trend Micro scan engine version guaranteed to detect this threat. However, Trend Micro strongly recommends that you update to the latest version in order to get comprehensive protection. Download the latest scan engine here.


Scan your system with Trend Micro antivirus and delete all files detected as JERUSALEM.CZECH. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.

Note: Files infected with this malware must be deleted to clean your system completely. You can restore by using a clean and reliable backup or by reinstalling them.

Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network, small and medium business, mobile device or home PC.