Virus:Boot/Stoned

Classification

Category: Malware

Type: Virus

Platform: Boot

Aliases: Virus:Boot/Stoned

Summary

Virus:Boot/Stoned is a simple virus that seems to have been designed to be harmless. Due to a mistake, however, it did not quite work out that way. Stoned is able to infect the boot sectors of floppy disks. The virus has spawned a large number of variants.

Stoned was one of the most widespread viruses in existence.

Removal

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

Infection

On an infected diskette, the original boot sector is stored on track 0, head 1, sector 3. This is the last sector of the root directory on a 360K diskette, so this will work unless the root directory contains more than 96 files, which is rather unlikely. Overwriting this sector on a 1.2M diskette is, however, much more likely to cause damage.
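The arithmetic behind that claim, as an added example that is not part of the original description: it maps track 0, head 1, sector 3 to a logical sector and compares it with the root directory extent. It assumes the standard DOS format parameters for 360K and 1.2M diskettes; the `Format` constants and function names are illustrative.

```python
from dataclasses import dataclass

SECTOR = 512   # bytes per sector
DIRENT = 32    # bytes per FAT directory entry

@dataclass(frozen=True)
class Format:
    name: str
    heads: int
    spt: int              # sectors per track
    reserved: int         # boot sector(s) before the first FAT
    fats: int
    sectors_per_fat: int
    root_entries: int

# Assumed: standard DOS format parameters for the two diskette types named above.
FLOPPY_360K = Format("360K", 2, 9, 1, 2, 2, 112)
FLOPPY_1_2M = Format("1.2M", 2, 15, 1, 2, 7, 224)

STASH_CHS = (0, 1, 3)     # track, head, sector given in the description

def chs_to_lba(fmt, track, head, sector):
    """Convert CHS to a 0-based logical sector (CHS sector numbers are 1-based)."""
    return (track * fmt.heads + head) * fmt.spt + (sector - 1)

def stash_impact(fmt, chs=STASH_CHS):
    """Locate the stashed boot sector relative to the root directory."""
    lba = chs_to_lba(fmt, *chs)
    root_start = fmt.reserved + fmt.fats * fmt.sectors_per_fat
    root_sectors = (fmt.root_entries * DIRENT + SECTOR - 1) // SECTOR
    idx = lba - root_start                    # sector index inside the root dir
    in_root = 0 <= idx < root_sectors
    return {
        "lba": lba,
        "root_dir_lbas": (root_start, root_start + root_sectors - 1),
        "in_root_dir": in_root,
        # number of root entries stored before the overwritten sector
        "safe_entries": idx * (SECTOR // DIRENT) if in_root else None,
        "is_last_root_sector": in_root and idx == root_sectors - 1,
    }

if __name__ == "__main__":
    for fmt in (FLOPPY_360K, FLOPPY_1_2M):
        print(fmt.name, stash_impact(fmt))
```

On the 360K layout the stash sector is the final root directory sector, reached only after 96 entries; on the 1.2M layout it falls near the start of the root directory, so far fewer entries fit before it is overwritten.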

A computer infected with this virus will sometimes display the following message when it starts:

Your computer is now stoned.

Variants

There are a large number of Stoned variants, many with no significant differences. The most notable are:

- This virus

This variant is one of several politically motivated viruses and contains the message:

  • "Bloody! Jun. 4, 1989".

- Swedish Disaster

This virus contains the string "The Swedish Disaster", which may indicate it was written in Sweden.

- Manitoba

Closely related to the original Stoned, Manitoba's main difference is that on floppies it does not store the original boot sector anywhere; it just overwrites it. Manitoba allocates two kilobytes of memory while resident and corrupts 2.88MB EHD floppies while infecting them. Manitoba has no activation routine. It was probably written at the University of Manitoba.

- NoInt

NoInt was also known as Stoned III. It infects boot sectors on diskettes and Master Boot Records (MBRs) on hard disks. It infects a hard disk only if you try to boot from an infected diskette. The virus will be loaded into memory if the hard disk is infected and the machine is booted from it. Once the virus is in memory, it will infect all diskettes that are used in the machine, unless the diskettes are write protected. It is sufficient to enter a command like DIR A: to get a diskette infected.

NoInt tries to prevent other programs from detecting it by causing read errors when an attempt is made to access the partition table. It does not do anything else visible and it does not contain any text strings. It is possible, though, that it indirectly causes damage to directories. The amount of base memory decreases by 2 kB.

- Flame

This virus is a standard boot sector infector that will infect the MBR or the boot sector of a floppy. If the computer is booted from an infected floppy, the virus immediately attempts to infect the MBR of the hard disk.

Once Flame is active in memory, any operation on a non-infected floppy will result in infection. The virus reserves 1KB of DOS memory. It stores the original boot sector or MBR at cylinder 25, sector 1, head 1, regardless of what media is infected.

Flame saves the current month when it infects a system. When the month changes, it activates by displaying coloured flames on screen and overwriting the MBR.

- Angelina

This Stoned variant has stealth mechanisms. It was probably made in Poland and contains the following text:

  • Greetings for ANGELINA!!!/by Garfield/Zielona Gora

Zielona Gora is a town in Poland. In October 1995, Angelina was found on new Seagate 5850 (850MB) IDE drives which were still factory sealed.