Sampo Virus
Virus Name: Sampo
Aliases: Turbo Boot
V Status: Common
Discovery: January, 1996
Symptoms: Diskette boot sectors altered; MBR altered; message displayed;
decrease in available free memory
Origin: Unknown
Eff Length: N/A
Type Code: BRhX - Resident Diskette Boot Sector & MBR Infector
Detection Method: NAV, NAVDX, ViruScan, IBMAV, AVTK, PCScan, VAlert,
F-Prot, ChAV
Removal Instructions: F-Prot, or
FDisk /MBR and DOS SYS on diskettes
General Comments:
The Sampo virus was received in January, 1996. It is a memory-resident
infector of diskette boot sectors and the system hard disk master boot
sector, which contains the hard disk partition table. This virus has
been reported in the wild in the United States, Canada, and Europe,
and is a fairly common virus.

When the system is booted for the first time from a Sampo-infected
diskette, this virus will install itself memory resident and
infect the system hard disk master boot sector. Available free
memory, as indicated by the DOS CHKDSK program, will have decreased
by 6,128 bytes.

Once the Sampo virus is memory resident, it will infect the boot
sector of non-write-protected diskettes when they are accessed on
the system.

The Sampo virus activates on November 30th of any year, at which
time it may display the following message on the system monitor:
"S A M P O
"Project X"
Copyright (c)1991 by the
SAMPO X-Team. All rights
reserved.
University Of The East
Manila"
The following text is encrypted within the viral code:
"!!S!! !!A!! !!M!! !!P!! !!O!!"
"!!P!!r!!o!!j!!e!!c!!t!! !!X!!"
"!!C!!o!!p!!y!!r!!i!!g!!h!!t!! !!(!!c!!)!!1!!9!!9!!1!! !!b!!y!! !!t!!h!!e!!"
"!!S!!A!!M!!P!!O!! !!X!!-!!T!!e!!a!!m!!.!! !!A!!l!!l!! !!r!!i!!g!!h!!t!!s!!"
"!!r!!e!!s!!e!!r!!v!!e!!d!!."
"!!U!!n!!i!!v!!e!!r!!s!!i!!t!!y!! !!O!!f!! !!T!!h!!e!! !!E!!a!!s!!t!!"
"!!M!!a!!n!!i!!l!!a!!"