Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


MultiAni


Aliases:


MultiAni
La multi ani

Malware
Virus
W32

Summary

This boot virus was found in the wild in Italy, Romania, Czech and Finland in December 1996. The virus does not infect the MBR area on hard drives; instead, it infects the DOS boot sector.



Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details

MultiAni transfers only on floppy disks. Only way to get infected from an infected floppy is to attempt to boot from it. After this, all floppies used in the infected machine will get the infection.

Virus replaces the DOS boot sector with a new copy, which is almost identical to a clean boot sector; only a few bytes differ. Rest of the virus is stored later on the first track (on hard drives) or to the root directory area (on floppies).

MultiAni activates in December by random. When it activates, it enters a loop where it displays this text forever:

La multi ani !
        La multi ani !
        La multi ani !
		
		

'La multi ani' is Romanian and means 'Happy new year'.

The virus contains no directly destructive code.

F-Secure anti-virus products disinfect floppies infected by this virus. To disinfect hard drives, boot from a clean floppy with exactly the same operating system and SYS.COM utility and type SYS C:





Technical Details: Peter Szor, F-Secure, 1996



Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.