Nomenklatura is a virus that runs on MS-DOS. This virus is a memory resident infector of .COM and .EXE files, including COMMAND.COM. It is not related to the V1024 virus, though it is the same length.
The first time a program infected with the Nomenklatura virus is executed on a system, the virus installs itself memory resident at the top of available system memory, but below the 640K DOS boundary. Available system memory will decrease by 1,024 bytes, and interrupt 21 will be hooked by the virus. When the virus is memory resident, any .COM or .EXE program greater in length then approximately 1,023 bytes that is executed or opened for any reason will be infected by the Nomenklatura virus.
Infected files will have their file lengths increased by 1,024 bytes. The virus does not hide the increase in file length when the disk directory is displayed. Attempts to execute uninfected programs from a write-protected diskette with the virus in memory will result in a "Sector not found error" message being displayed, and the program not being executed.
The Nomenklatura virus is destructive to the contents of diskettes exposed to infected systems. File corruption will randomly occur, with the frequency increasing as the disk becomes more filled with data. The file errors may occur on data files as well program files. This file corruption occurs due to the virus occasionally swapping a pair of words in the sector buffer. It may also do this to critical system areas such as the FAT, boot sector, or directories since it may occur to any clusters on the disk. If a file or critical system area was residing in a corrupted cluster, it will be corrupted. As such, systems which has been exposed to the Nomenklatura virus must be carefully checked as the integrity of non-infected programs and any data files should be considered suspect.
Delete the infected files.
The virus has been named Nomenklatura as this text string appears in all programs infected with this virus.