textfiles/virus/DOCUMENTATION/da'boys.txt

44 lines
2.0 KiB
Plaintext
Raw Permalink Normal View History

2021-04-15 11:31:59 -07:00
Virus Name: DA'BOYS
Aliases: DALLAS COWBOYS
V Status: New, Research
Discovery: January, 1994
Symptoms: Possible diskette access problems; BSC; Infected disks fail to
boot on 8088 or 8086 processors; No COM4.
Origin: USA
Eff Length: 251 Bytes
Type Code: BORaX - Resident Overwriting Boot Sector and Master Boot Sector
Infector
Detection Method: None
Removal Instructions: DOS SYS
General Comments:
The DA'BOYS virus will only work with DOS 5 or DOS 6+ with an 80186 or
better processor. Unlike other boot sector infectors, the DA'BOYS
virus overwrites or rewrites the DOS boot sector. It does not make a
copy or move the boot sector to another sector. It will infect all
American DOS 5 or DOS 6 boot sectors. It will infect disks in drive
A: or B: It works with 360K, 720K, 1.2M, 1.44M or 2.88M disks.
When a disk is booted with the DA'BOYS virus, it will load itself into
a "hole" in lower DOS memory. CHKDSK will not show a decrease in
available memory. INT 12 will not be moved. The DA'BOYS virus code
is written in the "Non-System disk or disk error Replace and press
any key when ready" string. But it will display the above message by
using the code found on the hard disk DOS boot sector. It will then
infect the DOS boot sector (not the partition table) of the hard disk
and overwrite the "Non-System ... " text string with it's code.
The DA'BOYS virus does not damage any data. It disables COM4. The
text string "DA'BOYS" appears in the virus code but is not displayed.
The DA'BOYS virus has a companion virus that it works with. The
GOLD-BUG virus is also a boot sector infector. It is possible to have
a diskette with two boot sector viruses. GOLD-BUG hides the presence
of the DA'BOYS virus from the Windows 3.1 startup routine. GOLD-BUG
removes the DA'BOYS virus from the INT 13 chain at the start of
Windows and restores it when Windows ends.
It can be removed from diskettes and hard disks with the DOS SYS
command.