Threat Description

Yale

Details

Category: Malware
Type: Virus
Platform: W32
Aliases: Yale, Alameda

Summary


One of the oldest viruses known - first found in April '87. It replaces the original boot sector with itself and stores the original boot sector on track 39, head 0, sector 8. This sector is generally not used unless the diskette is almost full.

The first version of the virus contained a POP CS instruction, which only exists on 8088 and 8086 machines. This was "fixed" later, so the virus worked correctly on '286 and later machines.

As this virus is so old, several variants have been created. Some of them have been reported to format the hard disk, when they have infected a predetermined number of diskettes.

All variants of the Alameda virus replicate only when Ctrl-Alt-Del is pressed.

Alameda was probably written on an old IBM PC, by a rather lousy programmer, using the A86 assembler.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More scanning & removal options

More information on scanning or removal options is available in the documentation for your F-Secure security product on the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

For further assistance, F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.








SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More