Welcome to the Computer Security Wiki! You can help us by expanding stubs, create new articles and improve current articles.
You can also help us by logging-in or creating an account!


From Malware Wiki
Jump to: navigation, search
Type Virus
Date 1990
Programming Language Assembly
Platform MS-DOS
Filetype *DOS executable (.COM)
  • MZ executable (.EXE)
Alias(es) Virus.Boot.V1253/Thanksgiving
Impact {{{length}}}
Damage costs
MD5 6795622fb8209d8d968e3cb7cbe118d7
SHA1 2febd0a4119206918cdb38fa329b508f1a50630c
CRC32 {{{crc32}}}
SHA256 128180e3ea7ed579fb62b1116b40dc95160c9897e869b8237f6d80cb402611a6
Authentihash {{{authenti}}}
IMPhash {{{imp}}}
Vhash 24:gHWZMZ/pTKDziY6o0BDUVOGtRyvYQH3T/by6qX0pvEdPCvnifDL:gMGpTKDzBuBmUvYQD/bvvKvf

Thanksgiving (Also known as Virus.Boot.V1253/Thanksgiving) is a virus than runs on DOS. It activates on Thanksgiving day.


When the virus is run, it infects all .COM files and attempts to infect the master boot records of hard disks and floppy disks. However, the virus does not check to see if the disk it is attempting to infect is write-protected. If the disk is write-protected, the system will show the user an error report. When the user looks at the directory of a .COM file, the file will increase in file size.

If the computer is booted on Thanksgiving of 1990 or later, the virus will overwrite the first seventeen sectors of the first two heads of the hard disk, which renders the partition table unusable and makes all data inaccessible. If the user reboots on this date or later, there will be no boot sector on the hard disk, which makes the system unable to boot up.