Horse Boot Virus
Virus Name: Horse Boot
Aliases: Horse Boot Dropper
V Status: Rare
Discovered: May, 1991
Symptoms: BSC; decrease in system & available memory; master boot sector altered; high density diskette corruption
Origin: Bulgaria
Eff Length: N/A Bytes
Type Code: BRhX - Resident Boot Sector & Master Boot Sector Infector
Detection Method: ViruScan, Sweep, AVTK, NAV, F-Prot, IBMAV, NAVDX, VAlert, PCScan, ChAV, NShld, LProt, Sweep/N, AVTK/N, NAV/N, NProt, Innoc 4.0+
Removal Instructions: MDisk/P, or DOS SYS on system diskettes
General Comments:
The Horse Boot virus was submitted in May, 1991 in the form of a
"dropper" program which installs the virus on a 360K diskette.
Horse Boot, once "dropped" by the install program, is a memory
resident infector of diskette boot sectors and the hard disk
master boot sector (partition table). It is based on the Stoned
virus.

When a system is booted from a diskette infected by the Horse Boot
virus, the virus will install itself memory resident at the top
of system memory, but below the 640K DOS boundary. Interrupt 12's
return will not be moved. Total system and available free memory
will decrease by 2,048 bytes as measured by the DOS CHKDSK
program. The virus will also access the system hard disk, and
infect the hard disk's master boot sector with a copy of the virus.
Once the boot has completed, the user will find their current
drive is drive C:, and not drive A:.

Once Horse Boot is memory resident, it will infect non-write
protected diskettes which are exposed to the system, similar to
Stoned.

360K low density 5.25" diskettes infected with Horse Boot will have
their original boot sector moved to the last sector on the diskette.
Infected hard disks will have the original master boot sector moved
to cylinder 0, side 0, sector 7.

Horse Boot treats high density diskettes as low density diskettes.
If a high density diskette becomes infected with Horse Boot, data on
the diskette will be damaged.
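
The two relocation targets described above can be checked on a raw sector image. The following Python sketch is an added example, not part of the original entry or of any scanner listed in it; the function names, finding strings and sample sectors are constructed for illustration. It is a heuristic only: other software may legitimately store boot-sector-like data in these sectors.

```python
import struct

SECTOR = 512
FLOPPY_360K = 40 * 2 * 9 * SECTOR  # 720 sectors; the last one is LBA 719
MBR_COPY_LBA = 6                   # cylinder 0, side 0, sector 7 (CHS sectors start at 1)

def sector(img, lba):
    return img[lba * SECTOR:(lba + 1) * SECTOR]

def has_boot_sig(sec):
    return len(sec) == SECTOR and sec[510:512] == b"\x55\xaa"

def looks_like_dos_boot(sec):
    # Jump opcode at offset 0 and a BPB that declares 512-byte sectors.
    return (has_boot_sig(sec) and sec[0] in (0xEB, 0xE9)
            and struct.unpack_from("<H", sec, 11)[0] == SECTOR)

def looks_like_mbr(sec):
    # Four 16-byte partition entries at offset 446: valid status bytes, one type set.
    if not has_boot_sig(sec):
        return False
    entries = [sec[446 + 16 * i:462 + 16 * i] for i in range(4)]
    return all(e[0] in (0x00, 0x80) for e in entries) and any(e[4] for e in entries)

def relocated_boot_findings(img):
    """Return heuristic findings; an empty list means neither layout was seen."""
    findings = []
    if len(img) == FLOPPY_360K:
        if looks_like_dos_boot(sector(img, FLOPPY_360K // SECTOR - 1)):
            findings.append("boot-sector-copy-in-last-sector")
    elif looks_like_mbr(sector(img, MBR_COPY_LBA)):
        findings.append("mbr-copy-at-chs-0-0-7")
    return findings

def sample_sector(kind):
    # Constructed, benign samples: "boot" = DOS boot sector, "mbr" = master boot sector.
    sec = bytearray(SECTOR)
    sec[510:512] = b"\x55\xaa"
    if kind == "boot":
        sec[0:3] = b"\xeb\x3c\x90"
        struct.pack_into("<H", sec, 11, SECTOR)
    else:
        sec[446], sec[450] = 0x80, 0x04  # one active entry, type 0x04
    return bytes(sec)

def sample_image(size, placed):
    # Zero-filled image with the given sectors placed at the given LBAs.
    img = bytearray(size)
    for lba, sec in placed.items():
        img[lba * SECTOR:(lba + 1) * SECTOR] = sec
    return bytes(img)
```
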

Known variant(s) of Horse Boot are:
Horse Boot Dropper: A small .COM program which, when executed,
drops the Horse Boot virus.

See: Stoned