Brain is possibly the oldest virus known on the DOS platform, as it was first detected in January '86.
Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.
A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:
Check for the latest database updates
First check if your F-Secure security program is using the latest detection database updates, then try scanning the file again.
Submit a sample
After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.
NOTE If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.
Exclude a file from further scanning
If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.
Note You need administrative rights to change the settings.
Several variants of this virus are known, but most of them are fairly harmless. One harmful variant has been reported, which was designed to attack on May 5. 1992. This virus is rather large and most of it is located in sectors that are marked as "bad" in the FAT. One of the most interesting details regarding the Brain virus is the following text, which appears inside it:
Welcome to the Dungeon (c) 1986 Basit & Amjad (pvt) Ltd. BRAIN COMPUTER SERVICES 730 NIZAB BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE :430791,443248,280530. Beware of this VIRUS.... Contact us for vaccination............ $#@%$@!!
These messages have led to considerable speculation regarding the possible author(s) of the virus. Later investigation determined that the authors of the virus had indeed included their authentic contact details in the virus, though they claimed their intentions in creating the program had not been malicious.In another version of the virus, the text looks like this:
Welcome to the Dungeon (c) 1986 Brain & Amjads (pvt) Ltd. VIRUS_SHOE RECORD v9.0 Dedicated to the dynamic memories of millions of virus who are no longer with us today - Thanks GOODNESS!! BEWARE OF THE er..VIRUS :This program is catching program follows after these messeges..... $#@%$@!!
Nowadays Brain is extinct.
Before this virus infects diskettes, it looks for a "signature". This makes it possible to "inoculate" against it, just by putting the signature in the correct place in the boot sector. The Brain virus tries to hide from detection by hooking into INT 13. When an attempt is made to read an infected boot sector, Brain will just show you the original boot sector instead. This means that if you look at the boot sector using DEBUG or any similar program, everything will look normal, if the virus is active in memory. This means the virus is the first "stealth" virus as well.
The major effect of this virus is a (fairly harmless) change of the volume label. It usually becomes:
but one variant of the virus changes the text into: