Find_Me Virus


 Virus Name:  Find_Me 
 Aliases:    
 V Status:    New 
 Discovered:  January, 1997 
 Symptoms:    BSC; Master Boot Sector Altered; CMOS corruption; 
              decrease in total system & available free memory; 
              hard disk inaccessible following boot from clean system disk 
 Origin:      Unknown 
 Eff Length:  N/A 
 Type Code:   BRtX - Resident Boot Sector & Master Boot Sector Infector 
 Detection Method:  AVTK, ViruScan, PCScan, NAV, NAVBoot 
 Removal Instructions:  Requires AV Remover, do NOT use FDisk /MBR 
 
 General Comments: 
       The Find_Me virus was received in January, 1997.  Its origin or point 
       of isolation is unknown.  Find_Me is a memory resident stealth boot 
       sector and master boot record (MBR) infector. 
 
       When the system is booted from a Find_Me infected diskette, the
       virus installs itself memory resident at the top of system memory
       but below the 640K DOS boundary, lowering the memory size returned
       by interrupt 12h.  Total system and available free memory, as
       indicated by the DOS CHKDSK program from DOS 5.0, will have
       decreased by 1,024 bytes.  Also at this time, the virus will infect
       the system hard disk master boot record containing the disk
       partitioning information.
 
       Once the Find_Me virus is memory resident, it will infect the boot 
       sector of any non-write protected diskette accessed on the system. 
       The viral code will be located in the boot sector as well as the 
       last sector of the root directory of the diskette.  As a result, any 
       directory entries which were in this sector will be lost. 
 
       The Find_Me virus activates on May 26th and December 26th of any 
       year, at which time it will overwrite the system CMOS. 
 
       Find_Me is a stealth virus, hiding the infection of the virus on the 
       system hard disk master boot record and diskette boot sectors when 
       it is memory resident. 
 
       Attempts to boot infected systems from an uninfected, write-protected 
       system diskette will result in the system hard drive being 
       inaccessible, and an "invalid drive specification" error being 
       returned. 
 
       The Find_Me virus relocates the hard disk partitioning information, 
       so using the DOS FDisk /MBR program will result in loss of all data 
       on the hard drive.  An anti-viral program capable of removing this 
       virus is required for disinfection of the system hard disk without 
       data loss. 
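
       Added example, not part of the original entry: a sanity check on a
       raw 512-byte image of sector 0, taken after a boot from a clean
       write-protected diskette so that the stealth code is not resident.
       It assumes the standard MBR layout (four 16-byte entries at offset
       446, signature 55 AA at offset 510); the function names and sample
       sectors are constructed, and the entry does not say what Find_Me
       leaves in sector 0.

```python
import struct

TABLE_OFFSET = 446          # 0x1BE: four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"     # expected at offset 510 (0x1FE)

def parse_partition_table(sector):
    """Return the non-empty partition entries of a 512-byte sector 0 image."""
    if len(sector) != 512:
        raise ValueError("expected exactly 512 bytes")
    entries = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        # boot flag, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        boot, ptype, lba_start, count = struct.unpack("<B3xB3xII", raw)
        if ptype != 0:
            entries.append({"slot": i, "boot": boot, "type": ptype,
                            "lba_start": lba_start, "sectors": count})
    return entries

def sector0_has_partition_table(sector):
    """Return (ok, reasons); ok is False when sector 0 holds no usable table."""
    entries = parse_partition_table(sector)
    reasons = []
    if sector[510:] != SIGNATURE:
        reasons.append("missing 55 AA boot signature")
    if not entries:
        reasons.append("no partition entries in sector 0")
    for e in entries:
        if e["boot"] not in (0x00, 0x80):
            reasons.append(f"slot {e['slot']}: invalid boot flag {e['boot']:#04x}")
        if e["lba_start"] == 0 or e["sectors"] == 0:
            reasons.append(f"slot {e['slot']}: zero start or length")
    if sum(e["boot"] == 0x80 for e in entries) > 1:
        reasons.append("more than one active partition")
    return (not reasons, reasons)

def build_sample(entry=b""):
    """Constructed sector: dummy boot code, optional entry in slot 0, 55 AA."""
    return b"\x90" * TABLE_OFFSET + entry.ljust(64, b"\x00") + SIGNATURE

# Constructed samples: an active FAT16 partition at sector 63, and an empty table
CLEAN = build_sample(struct.pack("<B3xB3xII", 0x80, 0x06, 63, 1_000_000))
RELOCATED = build_sample()

if __name__ == "__main__":
    for name, image in (("clean", CLEAN), ("relocated", RELOCATED)):
        print(name, sector0_has_partition_table(image))
```

       FDisk /MBR replaces only the boot code and leaves the table area as
       it finds it, so a failed check means the partitioning information
       has to be recovered before any MBR rewrite.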