World Peace Virus


 Virus Name:  World Peace 
 Aliases:   
 V Status:    Rare 
 Discovered:  May, 1992 
 Symptoms:    BSC; decrease in total system and available memory 
 Origin:      Malaysia 
 Eff Length:  N/A Bytes 
 Type Code:   BRtF - Resident Diskette Boot Sector Infector 
 Detection Method:  ViruScan, IBMAV, NAV, NAVDX, AVTK, F-Prot 
 Removal Instructions:  DOS SYS on System Diskettes 
 
 General Comments: 
       The World Peace virus was submitted from Malaysia in May, 1992. 
       World Peace is a memory resident infector of diskette boot sectors, 
       and is a stealth virus.  It does not infect hard disks in its present 
       form. 
 
       When a system is booted with a diskette infected with the World 
       Peace, the World Peace virus will install itself memory resident at 
       the top of system memory but below the 640K DOS boundary.  Total 
       system and available free memory, as indicated by the DOS CHKDSK 
       program, will have decreased by 1,024 bytes.  Interrupt 12's return 
       will have been moved and interrupt 1C will be hooked by the virus 
       in memory. 
 
       Once World Peace is memory resident, it will infect non-write 
       protected diskettes when they are accessed.  Upon accessing the 
       diskette, the original diskette boot sector will be moved to another 
       location on the diskette, and then the virus will overwrite the 
       diskette's boot sector with its viral code.  In the case of 360K 
       5.25" diskettes, the original boot sector will be located at sector 
       11, the last sector of the root directory. 
 
       World Peace does not infect 1.2Meg 5.25" diskettes, though if the 
       virus is memory resident, it will redirect any attempt to read the 
       diskette's boot sector to sector 17, which may trigger some anti- 
       viral utilities into thinking the diskette is infected.  Sector 17 
       will contain a sector from the root directory of the diskette, and 
       not a copy of the diskette's boot sector. 
 
       If the user attempts to access a write-protected diskette, such as 
       to execute a program from it, a "Sector not found error reading 
       drive" error may occur. 
 
       World Peace is a stealth virus.  If World Peace is memory resident 
       and the user attempts to view or access the boot sector, the World 
       Peace virus will present the original boot sector instead of the 
       real, infected boot sector.  Thus, anti-viral utilities unaware of 
       World Peace in memory will not be able to detect any change in the 
       boot sector. 
 
       When World Peace is not memory resident, the following text strings 
       can be found within the boot sector of infected diskettes: 
 
               "World Peace" 

Show viruses from discovered during that infect .

Main Page