Lavot Virus


 Virus Name:  Lavot 
 Aliases:     WET 
 V Status:    New 
 Discovered:  July, 1998 
 Symptoms:    Diskette Boot Sectors & MBR altered; 
              decrease in total system & available free memory 
 Origin:      Netherlands 
 Eff Length:  N/A 
 Type Code:   BRtX - Resident Diskette Boot Sector & MBR Infector 
 Detection Method:  ViruScan 
 Removal Instructions:  ViruScan /clean following cold clean system boot 
 
 General Comments: 
       The Lavot virus was received in July, 1998.  It is reported to be 
       "in the wild" in the Netherlands.  Lavot is a memory resident 
       stealth infector of diskette boot sectors and the system hard 
       disk master boot record. 
 
       The first time a system is booted from a Lavot infected diskette, 
       the Lavot virus will infect the system hard disk master boot 
       record and become memory resident.  Total system and available 
       free memory, as indicated by the DOS CHKDSK program from DOS 5.0, 
       will have decreased by 2,048 bytes.  Interrupt 12's return will 
       have been moved. 
 
       Once the Lavot virus is memory resident, it will infect diskette 
       boot sectors when non-write protected diskettes are accessed on 
       the system, though it does not infect 360KB diskettes. 
 
       When the Lavot virus is memory resident, anti-viral programs cannot 
       detect its presence on disk.  If an anti-viral program detects its 
       presence in memory, the system should be rebooted from a known 
       uninfected diskette and then rechecked for the virus on disk.

Show viruses from discovered during that infect .

Main Page