Filler Virus

 Virus Name:  Filler 
 V Status:    Rare 
 Discovered:  1991 
 Symptoms:    BSC; Master Boot Sector Altered; decrease in available free 
 Origin:      Hungary 
 Eff Length:  N/A 
 Type Code:   BRhX - Resident Boot Sector & Master Boot Sector Infector 
 Detection Method:  ViruScan, Sweep, F-Prot, 
                    AVTK, IBMAV, NAV, NAVDX, VAlert, ChAV 
 Removal Instructions:  M-Disk/P or DOS SYS for system diskettes 
 General Comments: 
       The Filler virus was submitted in January, 1992.  It was originally 
       reported in the public domain in Hungary in 1991.  Filler is a 
       memory resident infector of diskette boot sectors and the hard disk 
       master boot sector (partition table).  Filler is a stealth virus, 
       when it is memory resident, anti-viral programs will not be able to 
       detect its infection of the hard disk master boot sector, and will 
       have difficulty detecting its presence on diskette boot sectors. 
       When the system is booted from a Filler infected diskette, the 
       Filler virus will install itself memory resident at the top of 
       system memory but below the 640K DOS boundary.  Total system memory 
       will not decrease, but available free memory as indicated by the 
       DOS CHKDSK program will have decreased by 8,192 bytes.  The system 
       hard disk's master boot sector will be infected at this time, if it 
       was not previously infected with Filler. 
       Once the Filler virus is memory resident, it will infect non-write 
       protected diskettes exposed to the system.  The infection of the 
       diskette usually occurs when the boot sector is accessed for some 
       reason.  The Filler virus will write a copy of itself to the last 
       track of the diskette which is not normally accessable by DOS.  It 
       will also store the original boot sector on this track.  The virus 
       then alters the boot sector to point to the viral code. 
       The Filler virus is a stealth virus.  When it is memory resident, 
       scanning infected diskettes will not detect the presence of the 
       Filler virus when using scanning technology.  CRC-type checking 
       programs may be able to determine that the boot sector has been 
       altered.  In the case of the hard disk master boot sector, if Filler 
       is memory resident, neither CRC-type checking or scanning programs 
       will be able to determine the Filler virus's presence.  If you 
       suspect you have a Filler virus infection, power down your system 
       and then reboot from a known uninfected, write protected system 
       diskette, and then check the system with anti-viral software. 
       It is unknown what Filler might do besides replicate. 

Show viruses from discovered during that infect .

Main Page