informis/textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/virus/NCSA/ncsa075.txt
root@procul 278a90f7ce Initial commit
2021-04-15 13:31:59 -05:00

88 lines
4.4 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
³ VIRUS REPORT ³
³ Italian Virus ³
ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
Synonyms: Bouncing Ball, Vera Cruz, Ping-Pong, Bouncing Dot, Missouri
virus.
Date of Origin: March, 1988.
Host Machine: PC compatibles. Original version won't infect 80286 or
80386 computers or hard disks.
Host Files: Remains resident. Infects boot sector on any disk with at
least two sectors per cluster.
OnScreen Symptoms: A bouncing ball or dot may appear on the screen upon
activation.
Increase in Size of Infected Files: n/a.
Nature of Damage: Affects system run-time operation. Corrupts or
overwrites boot sector. Does no apparent damage.
Detected by: Scanv56+, F-Prot, IBM Scan.
Removed by: CleanUp, MDisk, F-Prot, or DOS SYS command.
Scan Code: 8E D8 A1 13 04 2D 02 00 A3 13 04 B1 06 D3 E0 2D C0 07 8E C0 BE
00 7C 8B FE B9 00. You can also search at offset 07CH for C7 06 4C 00 D0
7C 8C 0E 4E 00.
Description of Operation: This is a boot sector virus. Some forms infect
only floppies, others will also infect the boot sector of hard disks.
This virus consists of a boot sector and 1 cluster (2 sectors used)
marked as bad in the first copy of the FAT. The first of these sectors
contains the rest of the virus, and the second contains the original boot
sector. It infects all disks which have at least two sectors per
cluster, and it occupies 2K of memory.
When this virus activates (randomly) a bouncing dot/bouncing diamond
(ASCII 4) /bouncing smiley face (ASCII 2)<Note: Depends on the strain
which is running. There are at least three strains.> appears on the
screen and can only be removed through reboot. The virus can be triggered
by a disk access, should one occur during a one second window that occurs
about every half hour. When triggered, the dot bounces off the edges of
the screen, and passes through any text, with replacement after it.
Sometime, this doesn't work properly, the bouncing character interacts
with the characters on the screen, and screen displays are messed up.
Infected diskettes have 1K in bad sectors, infected hard disks have 2K
(and other numbers of bad sectors are possible). No known intentional
damage. Unintentional damage - the two copies of the FAT are left
different; DOS might not like this. Attempts to infect diskettes slows
them down, and some computers won't read floppies, due to time-outs. No
other damage is done.
Recovery: Recover by powering down the system, and then using a
write-protected DOS disk to boot. Use the SYS command from the floppy to
attempt to re-create a good boot sector. Alternatively, use the program
MD.
ÉÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ»
º This document was adapted from the book "Computer Viruses", º
º which is copyright and distributed by the National Computer º
º Security Association. It contains information compiled from º
º many sources. To the best of our knowledge, all information º
º presented here is accurate. º
º º
º Please send any updates or corrections to the NCSA, Suite 309, º
º 4401-A Connecticut Ave NW, Washington, DC 20008. Or call our BBS º
º and upload the information: (202) 364-1304. Or call us voice at º
º (202) 364-8252. This version was produced May 22, 1990. º
º º
º The NCSA is a non-profit organization dedicated to improving º
º computer security. Membership in the association is just $45 per º
º year. Copies of the book "Computer Viruses", which provides º
º detailed information on over 145 viruses, can be obtained from º
º the NCSA. Member price: $44; non-member price: $55. º
º º
º The document is copyright (c) 1990 NCSA. º
º º
º This document may be distributed in any format, providing º
º this message is not removed or altered. º
ÈÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍͼ

Downloaded From P-80 International Information Systems 304-744-2253
Reference in New Issue View Git Blame Copy Permalink