This boot virus was found in the wild in Italy, Romania, Czech and
Finland in December 1996. The virus does not infect the MBR area on
hard drives; instead, it infects the DOS boot sector.
MultiAni transfers only on floppy disks. Only way to get infected
from an infected floppy is to attempt to boot from it. After this,
all floppies used in the infected machine will get the infection.
Virus replaces the DOS boot sector with a new copy, which is almost
identical to a clean boot sector; only a few bytes differ. Rest of
the virus is stored later on the first track (on hard drives) or
to the root directory area (on floppies).
MultiAni activates in December by random. When it activates,
it enters a loop where it displays this text forever:
La multi ani !
La multi ani !
La multi ani !
'La multi ani' is Romanian and means 'Happy new year'.
The virus contains no directly destructive code.
F-Secure anti-virus products disinfect floppies infected by this
virus. To disinfect hard drives, boot from a clean floppy with exactly
the same operating system and SYS.COM utility and type SYS C:
![](/images/pixel.gif"){kind=tracking}
