Brain Virus


 Virus Name:  Brain 
 Aliases:     Pakistani, Pakistani Brain, Clone, Nipper 
 V Status:    Common 
 Discovery:   1986 
 Symptoms:    Extended boot time; volume label change; resident-TOM; 
              three contiguous bad sectors (floppy only); BSC 
 Origin:      Pakistan 
 Eff Length:  N/A 
 Type Code:   BRt - Resident Boot Sector Infector 
 Detection Method:  ViruScan, F-Prot, AVTK, NAV, Sweep, IBMAV, 
                    NAVDX, VAlert, PCScan, ChAV 
 Removal Instructions:  MDisk, F-Prot, NAV, or 
                        DOS SYS command 
 General Comments: 
       The Pakistani Brain virus originated in Lahore, Pakistan and infects 
       disk boot sectors by moving the original contents of the boot sector 
       to another location on the disk, marking those 3 clusters (6 sectors) 
       bad in the FAT, and then writing the virus code in the disk boot 
       sector. 
 
       One sign of a disk having been infected, at least with the original 
       virus, is that the volume label will be changed to "(c) Brain". 
       Another sign is that the label "(c) Brain" can be found in sector 0 
       (the boot sector) on an infected disk. 
 
       The virus installs itself resident on infected systems, taking up 
       between 3K and 7K of RAM.  Brain hides from detection by 
       intercepting any interrupt that might interrogate the boot sector 
       and redirecting the read to the original boot sector stored 
       elsewhere on the disk, so some programs will be unable to see the 
       virus. 
 
       The original Brain virus infected only floppies; however, variants 
       of the virus can now infect hard disks.  Also, some variants have 
       had the "(c) Brain" label removed to make them harder to detect. 
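
The three signs described above (the "(c) Brain" text in sector 0, the changed volume label, and three contiguous clusters marked bad in the FAT) can be checked offline against a raw floppy image taken on a clean-booted system, since a resident infection redirects boot-sector reads. This is an added example, not part of the original entry; it assumes a 360K FAT12 floppy layout, and the function names and the sample image are constructed for illustration.

```python
SECTOR = 512
BAD = 0xFF7                      # FAT12 "bad cluster" marker
MARKER = b"(c) Brain"
# Assumption: 360K floppy layout (boot sector 0, two 2-sector FATs, root dir at sector 5).
FAT_START, FAT_SECTORS, ROOT_START, ROOT_ENTRIES = 1, 2, 5, 112

def fat12_entries(fat):
    """Unpack 12-bit FAT entries (two entries per three bytes)."""
    out = []
    for i in range(0, len(fat) - 2, 3):
        b0, b1, b2 = fat[i:i + 3]
        out += [b0 | (b1 & 0x0F) << 8, b1 >> 4 | b2 << 4]
    return out

def bad_runs(entries, run_len=3):
    """Start clusters of runs of exactly run_len consecutive bad clusters."""
    runs, start = [], None
    for n, e in enumerate(entries + [0]):      # sentinel closes a trailing run
        if e == BAD:
            start = n if start is None else start
        elif start is not None:
            if n - start == run_len:
                runs.append(start)
            start = None
    return runs

def volume_label(root):
    """Name of the first volume-label directory entry (attribute bit 0x08), or None."""
    for off in range(0, len(root), 32):
        ent = root[off:off + 32]
        if ent[0] not in (0x00, 0xE5) and ent[11] != 0x0F and ent[11] & 0x08:
            return ent[:11].rstrip(b" ")
    return None

def check_image(img):
    fat = img[FAT_START * SECTOR:(FAT_START + FAT_SECTORS) * SECTOR]
    root = img[ROOT_START * SECTOR:ROOT_START * SECTOR + ROOT_ENTRIES * 32]
    return {"marker_in_sector0": MARKER in img[:SECTOR],
            "label_is_brain": volume_label(root) == MARKER,
            "bad_runs": bad_runs(fat12_entries(fat))}

def constructed_sample():
    """Constructed 360K image (not a real sample) carrying all three signs."""
    img = bytearray(720 * SECTOR)
    img[0x40:0x40 + len(MARKER)] = MARKER          # arbitrary offset inside sector 0
    fat = FAT_START * SECTOR
    img[fat:fat + 3] = b"\xFD\xFF\xFF"             # reserved FAT entries 0 and 1
    img[fat + 150:fat + 155] = bytes.fromhex("f77ffff70f")   # clusters 100-102 = 0xFF7
    img[ROOT_START * SECTOR:ROOT_START * SECTOR + 12] = b"(c) Brain  \x08"
    return bytes(img)
```

The two label checks will not match variants that had the "(c) Brain" label removed, and a run of three bad clusters on its own is only a hint that the disk deserves a closer look.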
 
       Known variants of Brain are: 
       Brain-B: (Hard Disk Brain/Houston virus) hard disk version. 
       Brain-C: Brain-B with the "(c) Brain" label removed. 
       Clone: Brain-C but restores original boot copyright label. 
       Clone-B: Clone virus modified to destroy the FAT after 5/5/92. 
       Nipper: Received from Spain in July, 1991, this variant does not 
               infect hard disks.  The virus contains the following text 
               strings within the boot sector: 
                  "Welcome to the  Dungeon 
                   (c) 1999 NIPPER SOCIEDAD GAMBERRISTICA 
                   VIVA LA PIRATERIA. 
                   Dedicated to the memories of ................." 
 
       See:   Ashar 
