LZRQ Virus


 Virus Name:  LZRQ 
 Aliases:     Whit 
 V Status:    Rare 
 Discovered:  October, 1992 
 Symptoms:    BSC; master boot sector altered; decrease in total system & 
              available free memory 
 Origin:      Unknown 
 Eff Length:  N/A 
 Type Code:   BRtX - Resident Boot Sector & Master Boot Sector Infector 
 Detection Method:  ViruScan, F-Prot, NAV, AVTK, IBMAV, 
                    Sweep, NAVDX, VAlert, PCScan, ChAV 
 Removal Instructions:  M-Disk, or DOS SYS on system diskettes 
 
 General Comments: 
       The LZRQ virus was submitted in October, 1992.  LZRQ is a memory 
       resident infector of diskette boot sectors and the system hard disk 
       master boot sector (partition table).  It appears to be related to 
       the Den Zuk virus. 
 
       The first time the system is booted from an LZRQ-infected diskette, 
       the LZRQ virus will install itself memory resident at the top of 
       system memory but below the 640K DOS boundary, lowering the memory 
       size returned by interrupt 12.  Total system and available free 
       memory, as indicated by the DOS CHKDSK program, will have decreased 
       by 2,048 bytes.  Also at this time, the virus will infect the system 
       hard disk's master boot sector if it was not previously infected. 
 
       Once the LZRQ virus is memory resident, it will infect the boot 
       sector of any non-write protected diskettes accessed on the system. 
 
       On 360K 5.25" diskettes, the virus will write one sector of viral 
       code to Side 1, Cylinder 39, Sector 8, and copy the original boot 
       sector to Side 1, Cylinder 39, Sector 9.  The virus then overwrites 
       the original boot sector at Side 0, Cylinder 0, Sector 1. 
 
       On 1.2M 5.25" diskettes, the virus will write one sector of viral 
       code to Side 1, Cylinder 79, Sector 14, and copy the original boot 
       sector to Side 1, Cylinder 79, Sector 15.  The virus then overwrites 
       the original boot sector at Side 0, Cylinder 0, Sector 1. 
 
       On the system hard disk, the virus will have written one sector of 
       viral code to Side 0, Cylinder 0, Sector 2, and copied the original 
       master boot sector to Side 0, Cylinder 0, Sector 3.  The virus then 
       overwrites the master boot sector at Side 0, Cylinder 0, Sector 1. 
 
       The only text string which appears in the viral code is "LZRQ".  It 
       is located in the extra sector of viral code, not in the infected 
       boot sector or master boot sector. 
 
       See:   Den Zuk 
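
The following is an added example, not part of the original entry or of any scanner it names: a Python check that converts the Side/Cylinder/Sector locations given above into offsets within a raw disk image, looks for the "LZRQ" string in the extra sector, and returns the sector where the entry says the original boot sector is kept. The function names, the 512-byte sector size, the standard 360K and 1.2M geometries and the hard disk geometry placeholder are assumptions.

```python
SECTOR = 512
MARKER = b"LZRQ"  # the only text string in the viral code, per the entry

# media -> (heads, sectors/track, viral-code CHS, saved-original CHS)
# CHS tuples are (cylinder, side, sector), taken from the entry.
LAYOUT = {
    "360K": (2, 9, (39, 1, 8), (39, 1, 9)),
    "1.2M": (2, 15, (79, 1, 14), (79, 1, 15)),
    # Sectors 2 and 3 of track 0 do not depend on geometry; 16/63 is a placeholder.
    "HDD": (16, 63, (0, 0, 2), (0, 0, 3)),
}
IMAGE_SIZE = {360 * 1024: "360K", 1200 * 1024: "1.2M"}  # raw floppy image sizes


def chs_to_lba(cyl, side, sector, heads, spt):
    """Standard CHS -> logical sector number (sectors are 1-based)."""
    return (cyl * heads + side) * spt + (sector - 1)


def check_image(image: bytes, media: str = None):
    """Report whether the layout described in the entry is present in `image`."""
    media = media or IMAGE_SIZE.get(len(image), "HDD")
    heads, spt, code_chs, saved_chs = LAYOUT[media]
    code_lba = chs_to_lba(*code_chs, heads, spt)
    saved_lba = chs_to_lba(*saved_chs, heads, spt)
    code = image[code_lba * SECTOR:(code_lba + 1) * SECTOR]
    saved = image[saved_lba * SECTOR:(saved_lba + 1) * SECTOR]
    return {
        "media": media,
        "code_lba": code_lba,
        "saved_lba": saved_lba,
        "marker_found": MARKER in code,
        # DOS boot sectors and MBRs normally end with the 55 AA signature.
        "saved_has_boot_signature": saved[510:512] == b"\x55\xaa",
        "saved_sector": saved,
    }


def build_sample_360k():
    """Constructed sample: zero-filled 360K image laid out as the entry describes."""
    img = bytearray(360 * 1024)
    img[718 * SECTOR + 100:718 * SECTOR + 104] = MARKER  # stand-in for the viral sector
    img[719 * SECTOR:720 * SECTOR] = b"\xeb\x3c\x90" + bytes(507) + b"\x55\xaa"
    return bytes(img)


if __name__ == "__main__":
    result = check_image(build_sample_360k())
    print({k: v for k, v in result.items() if k != "saved_sector"})
```

On both diskette formats the two locations work out to the last two sectors of the disk, so a marker hit there together with a boot signature in the following sector matches the layout the entry describes.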
