Tech Arsenal 1

home *** CD-ROM | disk | FTP | other *** search

/ Tech Arsenal 1 / Tech Arsenal (Arsenal Computer).ISO / tek-12 / michlglo.txt < prev next >

Wrap

Text File | 1992-02-23 | 4KB | 92 lines

Some information on the Michelangelo virus: "Michelangelo activates on March 6, at which time it will format the system hard disk by overwriting it with random characters from system memory." (This description of the following virus is an extract from the very fine VSUM hypertext program. VSUM gives information on most known viruses.) =================================================== Virus Name: Michelangelo Aliases: Scan ID: [Mich] V Status: Common Discovered: April, 1991 Symptoms: Disk directory damage; hard disk format; decrease in total system and available memory Origin: Sweden or the Netherlands Eff Length: N/A Type Code: BRtX - Floppy and Hard Disk Partition Table Infector Detection Method: ViruScan V80+, F-Prot 1.16+, IBM Scan 2.1+, VIRx 1.8+, Novi 1.0.1+, Sweep 2.3.1+, AVTK 5.52A+, UTScan Removal Instructions: CleanUp V80+, F-Prot 1.16+ General Comments: The Michelangelo virus was first reported in April, 1991 in Sweden and the Netherlands. The first usable sample of this virus was actually received in June, 1991. Michelangelo is a memory resident infector of diskette boot sectors and the hard disk partition table. It is roughly based on the Stoned virus, though very different in its behavior. The Michelangelo virus becomes memory resident the first time the system is attempted to be booted with a Michelangelo infected disk. Regardless of whether this boot is successful, Michelangelo will become memory resident. Total system and available free memory, as measured by the DOS CHKDSK program will typically decrease by 2,048 bytes. Michelangelo will be resident at the top of system memory but below the 640K DOS boundary. Interrupt 12's return will be moved to insure that Michelangelo in memory is not overwritten. Once Michaelangelo is memory resident, it will infect diskette boot sectors as diskettes as they are accessed. It will also infect the hard disk partition table when the user attempts to access a file on the hard disk. On 360K 5.25" diskettes, the original boot sector will be moved by the virus to sector 11, the last sector in the root directory. On 1.2M 5.25" diskettes, the original boot sector will be relocated to sector 28, part of the root directory. Since the original boot sector now resides in the root directory, any entries which happened to be in the overwritten sector of the root directory will be lost. sector 28, part of the root directory. Since the original boot sector now resides in the root directory, any entries which happened to be in the overwritten sector of the root directory will be lost. Partition table infections will result in the original partition table having been moved to Side 0, Cylinder 0, Sector 7 on the hard disk. Michelangelo activates on March 6, at which time it will format the system hard disk by overwriting it with random characters from system memory. =================================================== Be prepared! The following files are available for download on this BBS: 1. SCAN86-B.ZIP Virus scanning software (to look for virus infections) - McAfee Assoc 2. NETSC86B.ZIP Virus scanning software for DOS based LAN file servers (Netware etc.) - McAfee Assoc 3. CLEAN86B.ZIP Companion to SCAN86-B.ZIP that cleans out the virus found by SCAN. - McAfee Assoc 4. VSHLD86B.ZIP TSR that monitors program loads for virus infection. - McAfee Assoc 5. VSUMX201.ZIP Origins and symptoms of most known viruses. NOTE: These programs are Shareware and may require registration with the authors. BE SURE to read the terms and conditions in the program's documentation and ACT RESPONSIBLY!