NYB Virus


 Virus Name:  NYB 
 Aliases:     B1 
 V Status:    Common 
 Discovered:  January, 1995 
 Symptoms:    BSC; disk seek errors; 
              decrease in total system and available free memory 
 Origin:      Unknown 
 Eff Length:  N/A 
 Type Code:   BRtX - Resident Boot Sector & Master Boot Sector Infector 
 Detection Method:  F-Prot, AVTK, IBMAV, ViruScan, Sweep, NAV, 
                    NAVDX, VAlert, PCScan, ChAV 
 Removal Instructions:  DOS SYS on system diskettes; F-Disk /MBR on hard disk 
 
 General Comments: 
       The NYB virus was received in January, 1995 after having been reported 
       by several organizations in the United States for two months.   NYB 
       is a stealth boot virus which infects diskette boot sectors as well 
       as the hard disk master boot sector (partition table). 
 
       The first time a system is booted from a diskette infected with 
       the NYB virus, NYB will install itself memory resident at the 
       top of system memory but below the 640K DOS boundary.  Total system 
       and available free memory, as indicated by the DOS CHKDSK program 
       from DOS 5.0, will have decreased by 1,024 bytes.  Also at this time, 
       the virus will infect the system hard disk master boot sector, 
       containing the partition table, if it was not previously infected. 
 
       Once NYB is memory resident, it will infect diskettes when they 
       are accessed on the infected system.  On double density 5.25" 
       diskettes, the original boot sector will have been relocated to 
       sector 11.  On high density 5.25" diskettes, the original boot 
       sector will have been relocated to sector 28.  In both cases, these 
       sectors are the last sector of the root directory of the diskette, so 
       any files whose directory entries were in these sectors will be lost. 
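
       The sector numbers above are the last root directory sector of each
       format when counted as 0-based logical sectors. The following is an
       added example, not part of the original entry: it derives that sector
       from the FAT12 BIOS parameter block of a diskette image and checks
       whether it holds boot code instead of directory entries. It assumes
       the image was taken after booting from a clean diskette and that the
       parameter block in sector 0 is still readable; the helper names and
       sample images are constructed for illustration.

```python
import struct

SECTOR = 512
# jump, OEM, bytes/sector, sectors/cluster, reserved, FATs, root entries, total, media, sectors/FAT
BPB = "<3s8sHBHBHHBH"

def last_root_dir_sector(boot: bytes) -> int:
    """0-based logical sector number of the last root directory sector."""
    _, _, bps, _, reserved, fats, root_entries, _, _, spf = struct.unpack_from(BPB, boot)
    if bps != SECTOR or fats == 0 or root_entries == 0:
        raise ValueError("BPB is not a plausible 512-byte-sector FAT12 layout")
    root_sectors = (root_entries * 32 + bps - 1) // bps  # 32-byte directory entries
    return reserved + fats * spf + root_sectors - 1

def looks_like_boot_sector(sector: bytes) -> bool:
    """x86 jump opcode at offset 0 and the 55 AA signature at offset 510."""
    return (len(sector) == SECTOR and sector[0] in (0xEB, 0xE9)
            and sector[510:] == b"\x55\xaa")

def relocated_boot_sector(image: bytes):
    """Sector number if the last root directory sector holds boot code, else None."""
    n = last_root_dir_sector(image[:SECTOR])
    return n if looks_like_boot_sector(image[n * SECTOR:(n + 1) * SECTOR]) else None

def make_boot(root_entries: int, sec_per_fat: int, total: int) -> bytes:
    """Constructed boot sector for the demo (not taken from a real diskette)."""
    b = bytearray(SECTOR)
    struct.pack_into(BPB, b, 0, b"\xeb\x3c\x90", b"EXAMPLE ", SECTOR, 2, 1, 2,
                     root_entries, total, 0xFD, sec_per_fat)
    b[510:] = b"\x55\xaa"
    return bytes(b)

def make_image(boot: bytes, total: int, copy_to=None) -> bytes:
    """Constructed blank image; optionally place a boot sector copy at copy_to."""
    img = bytearray(total * SECTOR)
    img[:SECTOR] = boot
    if copy_to is not None:
        img[copy_to * SECTOR:(copy_to + 1) * SECTOR] = boot
    return bytes(img)

if __name__ == "__main__":
    dd, hd = make_boot(112, 2, 720), make_boot(224, 7, 2400)  # 360K and 1.2M layouts
    print("last root dir sector:", last_root_dir_sector(dd), last_root_dir_sector(hd))
    print("clean 360K image:", relocated_boot_sector(make_image(dd, 720)))
    print("boot copy at 11: ", relocated_boot_sector(make_image(dd, 720, copy_to=11)))
```

       Boot code in that sector is an indicator worth a scan with one of
       the listed products; it does not by itself identify NYB.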
 
       NYB does not contain any messages which are displayed on boot. 
       Infected systems may experience intermittent seek errors upon disk 
       accesses. 
 
       The reason that NYB is considered a stealth virus is that while 
       it can be detected in memory when resident, it cannot be detected 
       on the system hard disk or diskettes while it is resident.  If you have 
       reason to believe that you have the NYB virus, power off the system 
       and reboot from a clean write-protected diskette and then check the 
       system hard disk for the virus.  If the virus is found, it can be 
       removed by using the F-Disk /MBR command or copying the original 
       master boot sector back to Side 0, Cylinder 0, Sector 1.  Once the 
       system hard disk has been disinfected, diskettes should be checked 
       for the virus, and disinfected by using either the DOS SYS command 
       on system diskettes or copying the contents of the diskette to a 
       clean, uninfected diskette and overwriting the original diskette 
       with the DOS Format /U command. 
