Catman Virus


 Virus Name:  Catman 
 Aliases:    
 V Status:    Rare 
 Discovery:   July, 1991 
 Symptoms:    BSC; Master Boot Sector altered; decrease in total system and 
              available free memory 
 Origin:      USSR 
 Eff Length:  N/A 
 Type Code:   BRtX - Resident Boot Sector & Master Boot Sector Infector 
 Detection Method:  NAV, AVTK, F-Prot, Sweep, NAVDX, VAlert, 
                    ViruScan, PCScan, ChAV, 
                    LProt, Sweep/N, AVTK/N, NAV/N, NProt, NShld 
 Removal Instructions:  See Below 
 
 General Comments: 
       The Catman virus was received in July, 1991.  Previously, two other 
       samples of this virus have been received, though they were not  
       viable viruses.  Catman is originally from the USSR.  It is a memory 
       resident infector of diskette boot sectors and the hard disk 
       master boot sector (partition table). 
 
       The Catman virus was submitted in the form of a "dropper" program. 
       If the dropper program is executed on a diskette drive, the boot 
       sector of the diskette will become infected with Catman.  The 
       original boot sector will be located at sector 71.  If sector 71 
       was part of file, the file will be corrupted.  The remainder of the 
       virus will be placed in the second sector of the first and second 
       file allocation table on the disk. 
 
       If the Catman dropper was executed on the system hard disk, the virus 
       will copy the original master boot sector to sector 71, which is part 
       of the second copy of the file allocation table. 
 
       Catman does not replicate from the diskette boot sectors or the 
       hard disk master boot sector.  The only way it can spread, at least 
       in its present form, is by executing the dropper program. 
 
       When a computer system is booted from a diskette infected with the 
       Catman virus, the boot will usually result in a system hang. 
       Likewise, booting from the system hard disk with an infected master   
       boot sector will also result in a system hang. 
 
       Catman can be removed from the hard disk master boot sector by 
       copying back the original master boot sector located at sector 71 to 
       side 0, cyl 0, sector 1.  For system diskettes, the DOS SYS command 
       can be used to replace the boot sector.  Non-system diskettes should 
       be disinfected by copying all files using the DOS COPY command, and 
       then reformatting the disk.  In any even, programs and files which 
       were damaged due to the overwritten sectors will not be able to be 
       recovered, and should be replaced from backup copies.

Show viruses from discovered during that infect .

Main Page