Stoned used to be very widespread in the early 1990s.
Nowadays it is almost extinct.
Some boot sector viruses, like Den Zuk, can only infect diskettes, but
other, like New Zealand, can also infect hard disks, where it replaces
the Partition Boot Record, instead of the Boot Sector.
A computer infected with this virus will sometimes display the following
message when it starts.
Your computer is now stoned.
This virus seems to have been designed to be harmless, but due to a
mistake, it did not quite work out that way. On an infected diskette, the
original boot sector is stored on track 0, head 1, sector 3. This is the
last sector of the root directory on a 360K diskette, so this will work
unless the root directory contains more than 96 files, which is rather
unlikely. Overwriting this sector on a 1.2M diskette is, however, much
more likely to cause damage. Numerous variants exist of this virus, with
no significant differences.
Stoned was one of the most widespread viruses in existance.
This variant is one of several politically motivated viruses, but it
contains the message "Bloody! Jun. 4, 1989".
This virus contains the string "The Swedish Disaster", which may indicate
it was written in Sweden.
Closely related to the original Stoned. Main difference is that on
floppies it doesn't store the original boot sector anywhere, it
just overwrites it.
Manitoba allocates two kilos of memory while resident.
Virus corrupts 2.88MB EHD floppies while infecting them.
Manitoba has no activation routine. It was probably written in the
University of Manitoba.
NoInt was also known as Stoned III. It is somewhat related to Stoned.
Stoned.NoInt infects boot sectors on diskettes and master boot
records on hard disks. It infects a hard disk only if you try to
boot from an infected diskette. The virus will be loaded into memory
if the hard disk is infected and the machine is booted from it. Once
the virus is in the memory it will infect all diskettes that are
used in the machine, unless the diskettes are write protected. It is
sufficent to enter a command like DIR A: to get a diskette infected.
NoInt tries to prevent other programs from detecting it by causing
read errors if partition table is tried to access. It doesn't do
anything else visible and it does not contain any texts inside it.
It is possible though that it causes damage to directories
indirectly. The amount of base memory decreases by 2 kB.
This virus is a standard boot sector infector that will infect the MBR or
the boot sector of a floppy. If the computer is booted from an infected
floppy, the virus immediately attempts to infect the MBR of the hard disk.
Once the Stoned.Flame-virus is active in memory, any operation on a
non-infected floppy will result in infection. Virus reserves 1KB of
DOS memory. The virus stores the original boot sector or MBR at cylinder
25, sector 1, head 1 regardless of what media is infected.
Stoned.Flame saves the current month when it infects a system. When the
month changes, it activates by displaying coloured flames on screen and
overwriting the MBR.
[Stoned.Flame analyzed by Jeremy Gumbley, Symbolic, Parma]
This Stoned variant has stealth-mechanisms. It is probably made in
Poland and contains the following texts:
Greetings for ANGELINA!!!/by Garfield/Zielona Gora
Zielona Gora is a town in Poland.
In October 1995, Stoned.Angelina was found on new Seagate 5850
(850MB) IDE drives which were still factory sealed.
See also: Michelangelo, Azusa, Flame, Dinamo and Monkey
![](/images/pixel.gif"){kind=tracking}
