Tijuana Virus
Virus Name: Tijuana
Aliases: Boot-3250
V Status: New
Discovery: July, 1998
Symptoms: Diskette Boot Sector & MBR altered;
decrease in total system & available free memory
Origin: Mexico
Eff Length: N/A
Type Code: BRtX - Resident Diskette Boot Sector & MBR Infector
Detection Method: ViruScan
Removal Instructions: ViruScan /clean following clean cold system boot
General Comments:
The Tijuana or Boot-3250 virus was received in July, 1998. It is
from Mexico and appears to be in the public domain. Tijuana is
a memory resident stealth virus which infects diskette boot
sectors and the system hard disk master boot sector.
When the system is booted from a Tijuana infected diskette, the
Tijuana virus will infect the master boot record of the system
hard disk and install itself memory resident. Total system and
available free memory, as indicated by the DOS CHKDSK program
from DOS 5.0, will have decreased by 2,048 bytes. Interrupt 12's
return will have been moved.
Once the Tijuana virus is memory resident, it will infect the
boot sector of any non-write-protected diskette accessed on the
system. On diskettes, the virus places the viral code in the last
two sectors of the diskette's root directory, so any directory
entries in those sectors will be lost. The following
text is unencrypted within the viral code:
"Fecha de Creacion: 29 de Marzo de 1995
VIRUS Tijuana. Ver 3a
Al haber terminado este VIRUS, se cumplio una
de mis grandes aspiraciones. Pido disculpas
a las personas que fueron atacadas por
m: VIRUS"
When the virus is memory resident, anti-viral programs cannot
detect its presence on the system hard disk master boot record
or on infected diskettes. If the virus is found in memory, system
users should boot from a known uninfected system diskette and then
recheck their systems and diskettes for the virus's presence.
Tijuana can be removed successfully from the system hard disk
master boot record and diskette boot sectors by first cold booting
the system from a known clean boot diskette, then running the
ViruScan program with the /clean option.
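
The diskette symptoms described above can be checked offline on a sector image taken after a clean boot. The following is an added example, not part of the original entry or of any scanner: it locates the last two root-directory sectors from the FAT parameter block, looks for the quoted plaintext string, and counts 32-byte slots that cannot be directory entries. The function names and the sample image are constructed for illustration, and it assumes the parameter block in sector 0 is still readable.

```python
import struct

SECTOR = 512
MARKER = b"VIRUS Tijuana"  # plaintext string quoted in the entry above

def root_dir_tail(image):
    """Locate the last two root-directory sectors from the FAT BPB in sector 0."""
    bps, _spc, reserved, nfats, root_entries = struct.unpack_from("<HBHBH", image, 11)
    (spf,) = struct.unpack_from("<H", image, 22)  # sectors per FAT
    root_sectors = (root_entries * 32 + SECTOR - 1) // SECTOR
    if bps != SECTOR or nfats == 0 or spf == 0 or root_sectors < 2:
        raise ValueError("sector 0 has no usable FAT12 BPB")
    first = reserved + nfats * spf + root_sectors - 2
    return first, bytes(image[first * SECTOR:(first + 2) * SECTOR])

def suspicious_slots(tail):
    """Count 32-byte slots that cannot be FAT directory entries."""
    bad = 0
    for off in range(0, len(tail), 32):
        e = tail[off:off + 32]
        if e[0] in (0x00, 0xE5) or e[11] == 0x0F:  # unused, deleted, long-name
            continue
        name_ok = (e[0] == 0x05 or e[0] > 0x20) and all(b >= 0x20 for b in e[1:11])
        if not name_ok or e[11] & 0xC0:  # control bytes or reserved attribute bits
            bad += 1
    return bad

def scan_image(image):
    """Summarise the two indicators for one diskette image."""
    first, tail = root_dir_tail(image)
    return {"tail_lba": first,
            "marker_in_boot": MARKER in image[:SECTOR],
            "marker_in_tail": MARKER in tail,
            "bad_slots": suspicious_slots(tail)}

def sample_floppy(tampered=False):
    """Constructed sample: blank 1.44 MB FAT12 image; no real viral code."""
    img = bytearray(2880 * SECTOR)
    struct.pack_into("<HBHBHHBH", img, 11, 512, 1, 1, 2, 224, 2880, 0xF0, 9)
    img[510:512] = b"\x55\xaa"
    img[19 * SECTOR:19 * SECTOR + 32] = b"README  TXT" + b"\x20" + bytes(20)
    if tampered:  # constructed filler plus the marker in LBA 31-32
        img[31 * SECTOR:33 * SECTOR] = bytes((i * 7 + 1) % 256 for i in range(1024))
        img[31 * SECTOR + 100:31 * SECTOR + 113] = MARKER
    return img

if __name__ == "__main__":
    for name, img in (("clean", sample_floppy()), ("tampered", sample_floppy(True))):
        print(name, scan_image(img))
```

A non-zero slot count alone is only a hint, since a damaged or unusual directory can trigger it; the plaintext string is the stronger indicator.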