Threat description


OTHERNon-resident, EXE-files


The first virus to spread only under the Microsoft Windows 95 operating system was found in January 1996. This virus is of Australian origin. It has not been reported in the wild anywhere in the world, and can not be seen as a serious threat to Windows 95 users.


Automatic action

Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.

More scanning & removal options

More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

Technical Details

This new virus has been named 'Boza'. It infects only Windows Portable Executable EXE files - such files are used by Windows 95 and Windows NT. However, Boza does not infect machines running the Microsoft Windows NT operating system. So far, no viruses written specifically for Windows NT has been found.

Whenever an EXE file infected by Boza is run, it will infect programs in the current directory. One to three EXE files are infected with every execution. After this Boza will execute the code of the original infected file - otherwise the user would notice that something is wrong. Boza does not stay active in memory after execution. For this reason it spreads relatively slow from program to another. The actual infection process is fast enough to go undetected in most machines.

Boza has no destructive routines but it contains a bug, which will in some cases grow an infected EXE file's size by several megabytes. This can reduce free disk space quickly. The virus also has an activation routine which displays texts like 'The taste of fame just got tastier!' and 'From the old school to the new'. This screen is shown if the virus is run on the 31st of any month.

Boza also contains internal texts like:

   Please note: the name of this virus is [Bizatch]      written by Quantum / VLAD  

These texts are never displayed. VLAD is a virus-writers group originating from Australia.

Boza's spreading technique resembles some of the early DOS viruses. When the first DOS viruses were found in 1980's, they were very simple compared to some of the currently known polymorphic multipartite fast infecting stealth viruses. It can be expected that similar evolution will be happening with Windows viruses.

Boza would be totally unremarkable virus otherwise, but since it was the first virus which spreads only under Windows 95, it has received a lot of publicity. Boza will probably never be a real problem for Windows 95 users.

Variant:Boza.B, Boza.C

These are minor variants, apparently they try to fix some bugs, but the results seem to be that they are even buggier than the original version.

Submit a Sample

Suspect a file or URL was wrongly detected? Send it to our Labs for further analysis

Submit a Sample

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

More Info