Quick Virus
Virus Name: Quick
Aliases: Brasil
V Status: Rare
Discovered: October, 1992
Symptoms: BSC; master boot sector altered; decrease in total system &
available free memory; diskette root directory corruption
Origin: Unknown
Eff Length: N/A
Type Code: BRtX - Resident Boot Sector & Master Boot Sector Infector
Detection Method: ViruScan, AVTK, F-Prot, NAV, IBMAV,
Sweep, NAVDX, VAlert, PCScan, ChAV
Removal Instructions: M-Disk, or DOS SYS on system diskettes
General Comments:
The Quick virus was submitted in October, 1992. Quick is a memory
resident infector of diskette boot sectors and the system hard disk
master boot sector (partition table). Quick is a stealth virus,
employing techniques to redirect attempts to read the master boot
sector and diskette boot sector when the virus is memory resident.
The first time the system is booted from a Quick infected diskette,
the Quick virus will install itself memory resident at the top of
system memory but below the 640K DOS boundary, moving interrupt 12's
return. Total system and available free memory, as indicated by the
DOS CHKDSK program, will have decreased by 1,024 bytes. Also at this
time, the virus will infect the system hard disk's master boot sector
if it was not previously infected.
Once the Quick virus is memory resident, it will infect the boot
sector of any non-write protected diskettes accessed on the system.
On 360K 5.25" diskettes, the virus will write one sector of viral
code to Sector 10, and copy the original boot sector to Sector 11.
The virus then overwrites the original boot sector at Sector 0.
On 1.2M 5.25" diskettes, the virus will write one sector of viral
code to Sector 27, and copy the original boot sector to Sector 28.
The virus then overwrites the original boot sector at Sector 0.
On the system hard disk, the virus will have written one sector of
viral code to Side 0, Cylinder 0, Sector 2, and copied the original
master boot sector to Side 0, Cylinder 0, Sector 3. The virus then
overwrites the master boot sector at Side 0, Cylinder 0, Sector 1.
The virus does not contain any text strings within the viral code,
and has been named due to its ability to quickly spread to
diskettes without being detected. Since the virus overwrites the
last two sectors of the root directory on diskettes, directory
entries which were originally in these sectors will be lost.
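
The sector numbers above follow from the standard DOS layout of these diskettes, where the root directory ends at Sector 11 on 360K media and Sector 28 on 1.2M media. The following added example (not part of the original entry) derives those positions and flags a diskette image whose last root directory sector holds a boot-sector-like block. The format table, function names and the jump-plus-55AA heuristic are assumptions of the example, and the image is assumed to have been taken after booting from clean media.

```python
SECTOR = 512

# Standard DOS format parameters (assumed, not read from the possibly altered Sector 0):
# image size -> (reserved sectors, FAT copies, sectors per FAT, root directory entries)
FORMATS = {
    360 * 1024: (1, 2, 2, 112),    # 360K 5.25" diskette
    1200 * 1024: (1, 2, 7, 224),   # 1.2M 5.25" diskette
}

def root_dir_tail(image_size):
    """Return the logical sector numbers of the last two root directory sectors."""
    if image_size not in FORMATS:
        raise ValueError("unsupported image size: %d" % image_size)
    reserved, fats, sectors_per_fat, entries = FORMATS[image_size]
    first = reserved + fats * sectors_per_fat      # root directory follows the FATs
    count = entries * 32 // SECTOR                 # 32 bytes per directory entry
    last = first + count - 1
    return last - 1, last

def looks_like_boot_sector(sector):
    """Heuristic: x86 jump opcode at offset 0 and the 55 AA signature at offset 510.

    In a real directory sector, offsets 508-511 are the file size field of the
    16th entry, which cannot have 55 AA as its high bytes on a diskette.
    """
    return sector[0] in (0xEB, 0xE9) and sector[510:512] == b"\x55\xAA"

def relocated_boot_sector(image):
    """Return the sector number of a boot sector copy at the end of the root
    directory, or None if the last root directory sector looks normal."""
    _, saved = root_dir_tail(len(image))
    block = image[saved * SECTOR:(saved + 1) * SECTOR]
    return saved if looks_like_boot_sector(block) else None

def make_image(size, boot_copy_at=None):
    """Constructed sample: blank image with a minimal boot sector at Sector 0 and,
    optionally, a copy of it at another sector (no viral code is modelled)."""
    image = bytearray(size)
    boot = bytearray(SECTOR)
    boot[0:3] = b"\xEB\x3C\x90"
    boot[510:512] = b"\x55\xAA"
    image[0:SECTOR] = boot
    if boot_copy_at is not None:
        image[boot_copy_at * SECTOR:(boot_copy_at + 1) * SECTOR] = boot
    return bytes(image)

if __name__ == "__main__":
    for size, copy_at in ((360 * 1024, None), (360 * 1024, 11), (1200 * 1024, 28)):
        print(size, root_dir_tail(size), relocated_boot_sector(make_image(size, copy_at)))
```

A hit is only an indicator that a boot sector was copied into the directory area; the lost directory entries themselves cannot be recovered from it.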