MusicBug Virus


 Virus Name:  MusicBug 
 Aliases:     Music Boot, Music Bug 
 V Status:    Common 
 Discovered:  December, 1990 
 Symptoms:    Decrease in total system and available free memory; clicking; 
              music randomly played on system speaker; lost clusters 
 Origin:      Taiwan 
 Eff Length:  N/A 
 Type Code:   BRtX - Resident Boot Sector & Master Boot Sector Infector 
 Detection Method:  ViruScan, F-Prot, NAV, AVTK, Sweep, 
                    IBMAV, NAVDX, VAlert, PCScan, ChAV 
 Removal Instructions:  See below 
 
 General Comments: 
       The MusicBug virus is a memory resident boot sector and master boot 
       sector (partition table) infector discovered in December, 1990.  It 
       originated in Taiwan. 
 
       When a system is booted from a diskette infected with the MusicBug 
       virus, the virus will install itself memory resident at the top of 
       system memory but below the 640K DOS boundary.  The interrupt 12 
       return will be moved, so 640K systems will now report 638K of 
       installed system memory.  Clicking may be heard for a short time 
       from the system speaker before the boot proceeds, but more likely a 
       section of a tune will be played.  The boot will then proceed. 
 
       Once MusicBug is memory resident, it will periodically play another 
       portion of the same tune when disk accesses occur.  It is thus 
       rather disruptive. 
 
       When MusicBug is memory resident, any disk accessed (including the 
       system hard disk) will become infected with the virus.  In the case 
       of hard disks, MusicBug infects the hard disk master boot sector and 
       boot sector. 
 
       Infected disks will have 4K in lost clusters which will contain the 
       virus's code as well as a copy of the disk's original boot sector. 
       The following text strings can also be found in these lost clusters: 
 
               "MusicBug v1.06. MacroSoft Corp." 
               "Made in Taiwan" 
 
       Diskettes infected with the MusicBug virus can be disinfected after 
       powering off the system and booting from a write protected system 
       diskette, then using the DOS SYS command.  The lost clusters can 
       then be removed by using the CHKDSK command with the /F parameter. 
 
       Hard disks, however, cannot be disinfected in the same way.  While 
       the DOS SYS command will remove the virus from the hard disk's boot 
       sector, and the lost clusters can be recovered, the hard disk will 
       remain an unbootable, non-system disk until a low-level format is 
       performed.

Show viruses from discovered during that infect .

Main Page