1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar



Feint, INT_7F



DelCmos is a typical boot sector virus. It is only able to infect a hard disk when you try to boot the machine with an infected diskette in drive A:. At this time the virus infects the Master Boot Record (MBR) of the hard drive, and after that it will go resident to high DOS memory during every boot-up from the hard disk. Once the virus gets resident to memory, it will infect practicly all non-write- protected diskettes used in the machine.

DelCmos allocates two kilobytes of memory while it is active. This can be seen as a decrease in the total amount of DOS memory - it drops from 640kB to 638kB. DelCmos assumes that the machine has full 640kB of DOS memory. This is not always the case, as some systems reserve a kilobyte or two for internal BIOS needs. In this case, DelCmos will just crash the machine every time it's booted after the infection.

DelCmos also assumes the A: drive of the machine to be a 3.5" HD (1.44MB) drive. If it's a 5.25" drive or a 3.5" DD or ED drive, floppies may be corrupted during infection. They can be fixed with the FIXBOOT program.

DelCmos.A contains a routine to overwrite the CMOS SETUP information. DelCmos.B has this activation routine removed; it does nothing except spreads.

DelCmos.A is known to be in the wild in the USA. DelCmos.B was reported to be in the wild in Spain in January 1996.

Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.

Description Created: Mikko Hypponen, F-Secure

Submit a sample

Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.