Int40 Virus


 Virus Name:  Int40 
 Aliases: 
 V Status:    In The Wild 
 Discovery:   December, 1996 
 Symptoms:    Boot Sectors Altered; MBR Altered 
 Origin:      Unknown 
 Eff Length:  N/A 
 Type Code:   BRaX - Resident Diskette Boot Sector & MBR Infector 
 Detection Method:  NAV, NAVDX, AVTK, ViruScan, PCScan 
 Removal Instructions:  F-Prot 
 General Comments: 
       The Int40 virus was received in January, 1997.  It has been reported 
       to be in the wild in the United States and Finland since December, 
       1996.  Its origin is unknown.  Int40 is a memory resident boot sector 
       virus which uses stealth techniques to avoid detection. 
 
       When the system is booted from an Int40 infected diskette, this virus 
       will infect the system hard disk master boot record containing the 
       disk partition table.  It also becomes memory resident at this time, 
       as it will if the system is booted from the infected system hard 
       disk.  Int40 installs itself in memory at the location where the 
       interrupt table is usually found, thus there will be no decrease in 
       total system and/or available free memory. 
 
       Once the Int40 virus is memory resident, it will infect any non- 
       write-protected diskette accessed on the system.  The virus is a 
       full stealth virus, and attempts to scan diskettes while the virus
       is memory resident will result in no infection being detected.
 
       The Int40 virus does not intentionally do anything besides replicate;
       however, since it installs itself into the interrupt table in memory,
       some applications may not function properly due to compatibility 
       problems with the viral code. 
