A program that secretly and maliciously integrates itself into program or data files. It spreads by integrating itself into more files each time the host program is run.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.
You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.
Virus:Boot/Brain is possibly the oldest virus known on the DOS platform, as it first detected in January '86. Several variants of this virus are known, but most of them are fairly harmless. One harmful variant has been reported, which was designed to attack on May 5. 1992. This virus is rather large and most of it is located in sectors that are marked as "bad" in the FAT. One of the most interesting details regarding the Brain virus is the following text, which appears inside it:
- Welcome to the Dungeon (c) 1986 Basit & Amjad (pvt) Ltd. BRAIN COMPUTER SERVICES 730 NIZAB BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE :430791,443248,280530. Beware of this VIRUS.... Contact us for vaccination............ $#@%$@!!
These messages have led to considerable speculation regarding the possible author(s) of the virus. Later investigation determined that the authors of the virus had indeed included their authentic contact details in the virus, though they claimed their intentions in creating the program had not been malicious.In another version of the virus, the text looks like this:
- Welcome to the Dungeon (c) 1986 Brain & Amjads (pvt) Ltd. VIRUS_SHOE RECORD v9.0 Dedicated to the dynamic memories of millions of virus who are no longer with us today - Thanks GOODNESS!! BEWARE OF THE er..VIRUS :This program is catching program follows after these messeges..... $#@%$@!!
Nowadays Brain is extinct.
Before this virus infects diskettes, it looks for a "signature". This makes it possible to "inoculate" against it, just by putting the signature in the correct place in the boot sector. The Brain virus tries to hide from detection by hooking into INT 13. When an attempt is made to read an infected boot sector, Brain will just show you the original boot sector instead. This means that if you look at the boot sector using DEBUG or any similar program, everything will look normal, if the virus is active in memory. This means the virus is the first "stealth" virus as well.
The major effect of this virus is a (fairly harmless) change of the volume label. It usually becomes:
- (c) Brain
but one variant of the virus changes the text into:
- (c) ashar