Bleah Virus

Virus Name: Bleah Aliases: Bleah.A V Status: New Discovery: January, 1997 Symptoms: boot sectors altered; MBR altered; decrease in available free memory Origin: Unknown Eff Length: N/A Type Code: BRhX - Resident Boot Sector & MBR Infector Detection Method: AVTK, ViruScan, PCScan, NAV, NAVBoot Removal Instructions: DOS F-Disk /MBR or F-Prot on hard disk; DOS SYS command on system disks General Comments: The Bleah or Bleah.A virus was received in January, 1997. Its origin or point of isolation is unknown. Bleah is a memory resident stealth infector of diskette boot sectors and the system hard disk master boot record. When the system is booted from a Bleah infected diskette, this virus will infect the system hard disk master boot record (MBR), as well as become memory resident at the top of system memory but below the 640K DOS boundary, not moving interrupt 12's return. Interrupt 13 will be hooked by the virus in memory. Once the Bleah virus is memory resident following a boot from an infected diskette or infected hard drive, this virus will infect unwrite-protected diskette bootsectors when the disk is accessed. On diskettes, this virus writes a copy of the original boot sector to the last or second to the last sector of the disk directory, and then writes its viral code to the boot sector. It cannot, however, determine if a disk was previously infected by the virus so sometimes it will reinfect a previously infected diskette, losing the original boot sector. The Bleah virus is a stealth virus, hiding the viral infection on the system hard disk master boot record and diskette boot sectors when attempts are made to read these areas with the virus memory resident. The Bleah virus doesn't do anything besides replicate, though loss of directory entries may occur on diskettes containing many files.