Bones Virus


 Virus Name:  Bones 
 Aliases:     7-Boot, Ibex, NOP 
 V Status:    Common 
 Discovery:   January, 1996 
 Symptoms:    BSC; MBR (partition table) altered; 
              decrease in total system & available free memory; 
              overwrites 1st system hard disk 
 Origin:      Unknown 
 Eff Length:  N/A 
 Type Code:   BRtX - Memory Resident Floppy Boot Sector & MBR Infector 
 Detection Method: NAV, NAVDX, ViruScan, IBMAV, AVTK, VAlert, PCScan, 
                   F-Prot, ChAV 
 Removal Instructions:  F-Prot, 
                        or FDisk /MBR on hard disk, DOS SYS on diskettes 
 General Comments: 
       The Bones, 7-Boot, Ibex, or NOP virus was received in January, 
       1996.  Bones is a memory resident boot virus which infects the 
       boot sector of non-write protected diskettes as well as the system 
       hard disk master boot record.  It is a destructive virus, activating 
       on the 7th day of any month. 
 
       The first time a system is booted from a Bones infected diskette, the 
       Bones virus will install itself in the master boot record of the 
       system hard disk.  A system hang will then occur. 
 
       When a computer system is booted from a Bones infected system hard 
       disk, the Bones virus will install itself memory resident at the 
       top of system memory but below the 640K DOS boundary, moving 
       interrupt 12's return.  Total system and available free memory, as 
       indicated by the DOS CHKDSK program, will have decreased by 1,024 
       bytes. 
 
       Once the Bones virus is memory resident, it will infect the boot 
       sector of non-write protected diskettes which are accessed on the 
       infected system.  On 360K 5.25" diskettes, the original boot sector 
       will have been relocated to Side 1, Cylinder 0, Sector 3, which is 
       the eleventh sector on the disk.  On 1.2M 5.25" diskettes, the 
       original boot sector will have been relocated to Side 1, Cylinder 0, 
       Sector 11, which is the twentyeighth sector on the disk.  In both 
       cases, these sectors are the last sector of the root directory, and 
       as a result, any directory entries originally located in this 
       sector will be lost. 
 
       The Bones virus activates on the seventh day of any month.  On this 
       day, the virus will overwrite the first system hard disk with garbage 
       characters when the system is booted from an infected hard disk or 
       diskette. 
 
       On some systems, infected diskettes may appear to have invalid boot 
       sectors, though this does not occur on all systems, and is probably 
       BIOS related.

Show viruses from discovered during that infect .

Main Page