Stealth_boot can infect a computer's hard disk only if the
computer is booted from an infected diskette, in which case the
virus infects the hard disk's Master Boot Record. The virus goes
resident in memory the next time the computer is booted from the
hard disk. Once in memory, Stealth_boot infects all non-write
protected diskettes used in the computer.
The stealth routines of the virus hide the infection, making
infected boot sectors look clean as long as the virus is resident
in memory. The virus code is visible after booting from a clean
There are 13 different variants of this virus known (May 1996).
The most common variants of this virus do nothing except spread.
Stealth_boot.c is especially common all over the world.
The Stealth_boot.KOH variants of this virus include an encryption
system, which encrypts the hard drive with strong encryption if so
wished by the user of the machine. These variants contain dangerous
The original source code of this virus has been published in a book,
which explains the commoness of this virus.
[Analysis: Mikko Hypponen, F-Secure]