Zlodic (or Virus.DOS.Zlodic) is a family of primitive, non-resident, non-polymorphic and unencrypted overwriters that work on MS-DOS only. It is related to the Trivial family of malware.

This family originated in Russia.


Zlodic viruses are primitive, unencrypted, non-polymorphic and non-resident. They add their code to the beginning of COM and EXE files, so the virus executes before the host; the host code still runs correctly, though there are exceptions. Zlodic viruses are buggy, since they reinfect already infected files (a behavior especially common in the Zlodic.666 virus). It is a Russian family of malware, and its members use Russian strings in their code. Zlodic viruses always contain the word Zlodic somewhere in their code.

This family is similar to the Trivial one, but more advanced.



This virus always infects files in the current folder. When run, it infects every COM and EXE file in the current folder. Once every file in the current folder is infected, the malware adds its code only to the last file, even though that file is already infected.

On March 19, this virus displays the Russian flag, with the text "-=SPARTAK(MOSCOW) - CHAMPION FOREVER!= =СМЕРТЬ кОНЯМ и мУСОРАМ=-" at the top of the screen.


This virus works like the Zlodic.666 virus, but without the payload. This virus contains "*.COM", "*.EXE", "-*Zlodic.666-*" and "MIEM=RULEZ" as internal strings.


This virus works like the Zlodic.666 virus, but without the payload. It always displays the string "Этот вирус взят с Angedonya BBS. 7-095-PRI-VA-TE (00:00-07:00) Длина незаражённого файла 2000 байт" after infection.

Trivial.Zlodic.52, 60

Two Trivial-like Zlodic viruses. They always contain the internal strings "Zlodic" and "*.cOm". These viruses work like Trivial viruses: they overwrite the host code rather than adding viral code to it.
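A string-signature check built from the internal strings quoted on this page, added here as an illustration; it is not code from the page or from any antivirus product. It assumes each virus body carries the "Zlodic" marker once, so more than one copy in a file hints at the reinfection bug described above; the function names and sample bytes are constructed.

```python
from pathlib import Path

MARKER = b"Zlodic"  # per the page, present somewhere in every Zlodic virus
# Byte-exact internal strings quoted on the page. "*.COM" and "*.EXE" are left
# out because on their own they appear in many benign DOS programs.
EXTRA_STRINGS = (b"-*Zlodic.666-*", b"MIEM=RULEZ", b"*.cOm")


def scan_bytes(data: bytes) -> dict:
    """Return signature hits for one file image."""
    copies = data.count(MARKER)
    return {
        "suspect": copies > 0,
        # Assumption: one marker per virus body, so a count above 1 suggests
        # stacked copies left by repeated infection of the same file.
        "marker_copies": copies,
        "stacked": copies > 1,
        "strings": [s.decode("ascii") for s in EXTRA_STRINGS if s in data],
    }


def scan_dir(folder) -> dict:
    """Scan the COM and EXE files of one folder, the scope the page describes."""
    hits = {}
    for path in sorted(Path(folder).iterdir()):
        if path.is_file() and path.suffix.lower() in (".com", ".exe"):
            result = scan_bytes(path.read_bytes())
            if result["suspect"]:
                hits[path.name] = result
    return hits


if __name__ == "__main__":
    # Constructed sample images: inert zero bytes plus the quoted strings.
    clean = b"\x00" * 64 + b"*.COM"
    once = b"\x00" * 16 + b"-*Zlodic.666-*MIEM=RULEZ*.COM*.EXE" + clean
    twice = once[:50] + once  # the same 50-byte body prepended a second time
    for name, image in (("clean", clean), ("once", once), ("twice", twice)):
        print(name, scan_bytes(image))
```

A hit is only a lead for manual analysis: the marker is a plain ASCII word, so unrelated files that mention it will also match.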




