Threat Description

Stealth_boot

Details

Aliases: Stealth_boot, Nops, AMSE, PMBS, STELBOO, STEALTH_C, STEALTH_B. KOH
Category: Malware
Type: Virus
Platform: W32

Summary



Members of the Stealth_boot family are pretty normal boot sector viruses with stealth capability. However, several of the variants of this virus are quite common all over the world.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You may also refer to General Removal Instructions for a general guide on alternative disinfection actions.



Technical Details



Stealth_boot can infect a computer's hard disk only if the computer is booted from an infected diskette, in which case the virus infects the hard disk's Master Boot Record. The virus goes resident in memory the next time the computer is booted from the hard disk. Once in memory, Stealth_boot infects all non-write-protected diskettes used in the computer.

The stealth routines of the virus hide the infection, making infected boot sectors look clean as long as the virus is resident in memory. The virus code is visible after booting from a clean floppy.

There are 13 different variants of this virus known (May 1996). The most common variants of this virus do nothing except spread. Stealth_boot.c is especially common all over the world.

The Stealth_boot.KOH variants of this virus include an encryption system, which encrypts the hard drive with strong encryption if so wished by the user of the machine. These variants contain dangerous programming errors.

The original source code of this virus has been published in a book, which explains the commonness of this virus.





Description Created: Mikko Hypponen, F-Secure

