Threat Descriptions

BootExe

Classification

Category :

Malware

Type :

-

Platform :

-

Aliases :

BootExe, BFD

Summary

There are two known variants of this virus, which is quite remarkable from a technical point of view. It is very small, and infects EXE files in a remarkable way - inserting itself in unused space between the file header and the actual start of the code. It also infects the DOS boot records of hard and floppy disks.

Disinfection of boot records is little complicated, because the virus does not save a copy of the original boot record. Cleaning can be done in the following way: Use a disk editor to edit the file system type in boot record - virus adds three garbage characters after the type (FAT16 or FAT12), replace these with spaces. You can do this with DOS debug like this: 

c:\>debug
 -l 100 2 0 1
 -e 13b "
 "
 -w 100 2 0 1
 -q

(If you are not familiar with debug or disk editor, it might be a better idea to call F-Secure anti-virus support instead.) After this, issue the command SYS C: from a clean diskette with the same version of DOS than is on the hard disk.

Contact your local F-Secure support if you need further instructions. F-Secure anti-virus products will disinfect the EXE files infected by this virus.

Removal

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

N/A