BFD Virus


 Virus Name:  BFD 
 Aliases:     BFD-452 
 V Status:    Rare 
 Discovery:   July, 1992 
 Symptoms:    BSC; .EXE files altered; decrease in total system & available 
              free memory; high density diskettes may fail to boot 
 Origin:      United States 
 Eff Length:  452 Bytes Overwriting 
 Type Code:   ORhEB - Overwriting Resident Boot Sector & .EXE Infector 
 Detection Method:  ViruScan, Sweep, F-Prot, AVTK, IBMAV, 
                    NAV, NAVDX, VAlert, PCScan, ChAV, 
                    NShld, Sweep/N, Innoc, NProt, AVTK/N, LProt, IBMAV/N, 
                    NAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The BFD virus was isolated in the United States in July, 1992.  This 
       virus is a memory resident multi-partite virus which infects diskette 
       boot sectors and .EXE programs.  It should be considered a stealth 
       virus as infected programs do not have any file length increase but 
       execute properly, and it will infect files on open.  It spreads 
       very quickly. 
 
       The first time a program infected with the BFD virus is executed, 
       this virus will infect the current drive's boot sector if the 
       current drive is a floppy drive.  It will also access the C: 
       drive, though the C: drive's boot sector will not become 
       infected.  Also at this time, the virus will install itself 
       memory resident at the top of system memory but below the 640K 
       DOS boundary.  Total system and available free memory, as indicated 
       by the DOS CHKDSK program, will have decreased by 2,048 bytes. 
       Interrupt 13 will be hooked by BFD in memory.  The user should 
       note that BFD can also become memory resident by booting from 
       an infected diskette.  The same memory allocation will occur. 
 
       Once the BFD virus is memory resident, it will infect .EXE programs 
       when they are executed or opened, as well as diskette boot sectors 
       when a non-write protected diskette is accessed.  Infected .EXE 
       programs will have no file length increase regardless of whether 
       the virus is memory resident.  The BFD virus infects programs by 
       writing its viral code to the .EXE header area of the file. 
       Infected programs will not have any change in file date and time 
       in the DOS disk directory listing.  No text strings occur within 
       the viral code in infected programs. 
 
       When the BFD virus infects diskettes, it overwrites the boot 
       sector.  The boot sector will be missing the usual DOS error 
       messages.  In the case of high density 5.25" system disks, attempts 
       to boot from the diskette after infection will fail, resulting 
       in a hung system. 
 
       BFD doesn't appear to do anything besides replicate. 
 
       Known variant(s) of BFD are: 
       BFD-452: A 452 byte variant of the BFD virus described above. 
                Origin:  USSR  December, 1992 
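
The symptoms described above suggest two static triage checks for a diskette image or a set of programs: a boot sector that carries no message text, and an .EXE whose header padding is not empty. The Python sketch below is an added example, not part of the original entry or of any scanner listed in it. The thresholds, function names and sample bytes are constructed assumptions, and both heuristics can also flag clean files.

```python
import re
import struct

MIN_TEXT_RUN = 12        # assumed: shortest run that counts as message text
SLACK_NONZERO_MAX = 16   # assumed: tolerance for linker debris in header slack

def boot_sector_text(sector: bytes) -> list:
    """Printable ASCII runs (error messages, system file names) in a boot sector."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % MIN_TEXT_RUN, sector[:512])

def boot_sector_suspicious(sector: bytes) -> bool:
    """True when a full boot sector carries no message text at all."""
    return len(sector) >= 512 and not boot_sector_text(sector)

def exe_header_slack(data: bytes):
    """(slack_length, nonzero_bytes) for the unused tail of an MZ header, else None."""
    if len(data) < 0x1C or data[:2] not in (b"MZ", b"ZM"):
        return None
    e_crlc, e_cparhdr = struct.unpack_from("<HH", data, 0x06)
    (e_lfarlc,) = struct.unpack_from("<H", data, 0x18)
    header_end = min(e_cparhdr * 16, len(data))
    start = max(0x1C, e_lfarlc + 4 * e_crlc)  # past fixed fields and relocations
    slack = data[start:header_end]
    return len(slack), sum(1 for b in slack if b)

def exe_header_suspicious(data: bytes) -> bool:
    """True when the header padding holds more data than a linker normally leaves."""
    info = exe_header_slack(data)
    return info is not None and info[1] > SLACK_NONZERO_MAX

def sample_mz(slack_fill: bytes) -> bytes:
    """Constructed MZ file: 512-byte header, 2 relocation entries at offset 0x1C."""
    hdr = bytearray(512)
    hdr[0:2] = b"MZ"
    struct.pack_into("<HH", hdr, 0x06, 2, 32)   # e_crlc=2, e_cparhdr=32 paragraphs
    struct.pack_into("<H", hdr, 0x18, 0x1C)     # e_lfarlc
    hdr[0x24:0x24 + len(slack_fill)] = slack_fill
    return bytes(hdr) + b"\x90" * 64            # constructed stand-in for the code image

# Constructed boot sectors: one with a DOS-style message, one with none.
BOOT_WITH_TEXT = (b"\xeb\x3c\x90" + b"\x00" * 381 +
                  b"Non-System disk or disk error" + b"\x00" * 97 + b"\x55\xaa")
BOOT_NO_TEXT = b"\xeb\x3c\x90" + b"\x00" * 507 + b"\x55\xaa"

if __name__ == "__main__":
    print(boot_sector_suspicious(BOOT_WITH_TEXT), boot_sector_suspicious(BOOT_NO_TEXT))
    print(exe_header_slack(sample_mz(b"")), exe_header_slack(sample_mz(b"\xaa" * 452)))
```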
