Sticky Virus


 Virus Name:  Sticky 
 Aliases:     Multi-2, Nu Way 
 V Status:    Common 
 Discovered:  May, 1992 
 Symptoms:    .COM & .EXE growth; Master boot sector altered; 
              decrease in total system & available free memory 
 Origin:      Unknown 
 Eff Length:  927 - 1,407 Bytes 
 Type Code:   PRtAKX - Parasitic Resident .COM, .EXE, Overlay, and 
                       Master Boot Sector Infector 
 Detection Method:  ViruScan, AVTK, IBMAV, NAV, F-Prot, PCScan, 
                    Sweep, NAVDX, VAlert, ChAV, 
                    NShld, LProt, Sweep/N, Innoc, AVTK/N, IBMAV/N, 
                    NProt, NAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Sticky, or Multi-2, virus was discovered at several sites in the 
       United States and Canada in May, 1992.  Sticky is a memory resident 
       multi-partite virus which infects the hard disk master boot sector 
       (partition table) and all executable files. 
 
       When the first Sticky infected program is executed, the Sticky virus 
       will infect the system hard disk's master boot sector.  This virus 
       writes a copy of its viral code to Side 0, Cylinder 0, Sectors 2 and 
       3, and then alters the master boot sector to point to this code.  The 
       Sticky virus does not become memory resident at this time, and will 
       not infect files. 
 
       Later, when the system user boots from the Sticky virus infected 
       hard disk, the Sticky virus will become memory resident above the 
       top of system memory but below the 640K DOS boundary.  Interrupt 
       12's return will be moved.  Total system and available free memory, 
       as indicated by the DOS CHKDSK program, will have decreased by 
       3,072 bytes.  Interrupt 21 will be hooked by Sticky in memory. 
 
       Once the Sticky virus is memory resident, it will infect any 
       executable program which is opened or executed.  Infected .COM 
       programs will have a file length increase of 927 bytes.  .EXE 
       programs will increase in size by 1,133 to 1,407 bytes.  In both 
       cases, the virus will be located at the end of the file.  The 
       program's date and time in the DOS disk directory listing will not 
       be altered.  Sticky is an encrypted virus, and no text strings are 
       visible within the viral code in infected programs. 
 
       It is unknown what Sticky does besides replicate.

Show viruses from discovered during that infect .

Main Page