Monkey Virus


 Virus Name:  Monkey 
 Aliases:     Stoned.Empire.Monkey.A, Monkey.A 
 V Status:    Rare 
 Discovered:  October, 1992 
 Symptoms:    BSC; master boot sector altered; decrease in total system & 
              available free memory; possible diskette directory corruption; 
              "Invalid drive specification" on C: drive after boot from 
              system diskette 
 Origin:      Unknown 
 Eff Length:  N/A 
 Type Code:   BRtX - Resident Boot Sector & Master Boot Sector Infector 
 Detection Method:  ViruScan, F-Prot, Sweep, IBMAV, 
                    AVTK, NAV, NAVDX, VAlert, PCScan, ChAV 
 Removal Instructions:  Norton Disk Doctor on hard disk, DOS SYS on system 
              diskettes 
 General Comments: 
       The Monkey virus was submitted in October, 1992.  Monkey is a memory 
       resident infector of the hard disk master boot sector (partition 
       table) and the boot sector of diskettes.  It is a stealth virus, 
       hiding the infection of the hard disk and diskettes when it is memory 
       resident. 
 
       The first time the system is booted with a diskette infected with the 
       Monkey virus, the Monkey virus will become memory resident and also 
       infect the system hard disk's master boot sector.  Total system and 
       available free memory, as indicated by the DOS CHKDSK program, will 
       have decreased by 1,024 bytes.  The virus moves interrupt 12's return 
       to 9FC0.  On the system hard disk, the virus will write one sector 
       of viral code at Side 0, Cylinder 0, Sector 3, and then alter the 
       master boot sector to point to this sector. 
 
       Once the Monkey virus is memory resident, it will infect diskettes
       that are not write protected when they are accessed on the system.  On 360K
       5.25" diskettes, the virus will write a sector of code at Sector 
       11, the last sector of the root directory, and then alter the boot 
       sector.  On 1.2M 5.25" diskettes, the sector of viral code is at 
       sector 28 (also the last sector of the root directory).  If directory 
       entries were originally located in the directory sectors overwritten, 
       the corresponding files will become inaccessible. 
 
       Monkey is a stealth virus, and cannot be detected on either the 
       system hard disk or diskettes when it is memory resident. 
       Disinfection is further hampered because the system hard disk will
       be inaccessible after the system is booted from a clean, write
       protected system diskette, resulting in an "Invalid drive
       specification" message.  Norton Disk Doctor can be used to remove
       the Monkey virus from the system hard disk by rebuilding the master 
       boot sector.  The DOS SYS command can be used to replace the boot 
       sector on infected system diskettes. 
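
Added example (not part of the original entry): the diskette sectors named above, 11 on 360K and 28 on 1.2M media, follow from the standard FAT12 boot-sector parameters when the boot sector is counted as logical sector 0. A diskette image read on a system where the virus is not resident can therefore be checked for a last root directory sector that no longer parses as directory entries. The `looks_like_directory` heuristic, the helper names, the constructed test image and the assumption that the parameter block in sector 0 is still readable all belong to this example.

```python
import struct

SECTOR = 512  # assumption: 512-byte sectors, as on the diskettes the entry names

def last_root_dir_sector(boot: bytes) -> int:
    """Logical sector (boot sector = 0) of the last root directory sector,
    derived from the FAT12 BIOS parameter block in the boot sector."""
    bps, = struct.unpack_from("<H", boot, 11)        # bytes per sector
    reserved, = struct.unpack_from("<H", boot, 14)   # reserved sectors, incl. boot
    fats = boot[16]                                  # number of FAT copies
    root_entries, = struct.unpack_from("<H", boot, 17)
    spf, = struct.unpack_from("<H", boot, 22)        # sectors per FAT
    root_sectors = (root_entries * 32 + bps - 1) // bps
    return reserved + fats * spf + root_sectors - 1

def looks_like_directory(sector: bytes) -> bool:
    """Heuristic (assumption of this example): every 32-byte slot is unused,
    deleted (0xE5), or has a printable 8.3 name and a sane attribute byte."""
    for off in range(0, len(sector), 32):
        slot = sector[off:off + 32]
        if slot[0] == 0x00:
            if any(slot):
                return False       # "unused" slot carrying data
            continue
        first_ok = slot[0] in (0xE5, 0x05) or 0x20 <= slot[0] <= 0x7E
        rest_ok = all(0x20 <= b <= 0x7E for b in slot[1:11])
        if not (first_ok and rest_ok) or slot[11] & 0xC0:
            return False
    return True

def root_tail_overwritten(image: bytes) -> bool:
    """True if the last root directory sector of a diskette image does not
    parse as directory entries. Assumes the BPB in sector 0 is intact."""
    n = last_root_dir_sector(image[:SECTOR])
    return not looks_like_directory(image[n * SECTOR:(n + 1) * SECTOR])

def make_image(spf: int, root_entries: int, tail: bytes = b"") -> bytes:
    """Constructed test image: a BPB plus zeroed FAT and root directory area,
    with `tail` written over the start of the last root directory sector."""
    boot = bytearray(SECTOR)
    struct.pack_into("<HBHBH", boot, 11, SECTOR, 1, 1, 2, root_entries)
    struct.pack_into("<H", boot, 22, spf)
    n = last_root_dir_sector(bytes(boot))
    img = bytearray(boot) + bytearray(n * SECTOR)
    img[n * SECTOR:n * SECTOR + len(tail)] = tail
    return bytes(img)
```

A 360K diskette has 2 sectors per FAT and 112 root entries; a 1.2M diskette has 7 and 224. A positive result only says the sector does not look like a directory, so it is a reason to inspect the diskette further, not an identification of this virus.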
