Category :


Type :


Aliases :

Brain, Virus:Boot/Brain


Brain is possibly the oldest virus known on the DOS platform, as it was first detected in January '86.


Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

Several variants of this virus are known, but most of them are fairly harmless. One harmful variant has been reported, which was designed to attack on May 5. 1992. This virus is rather large and most of it is located in sectors that are marked as "bad" in the FAT. One of the most interesting details regarding the Brain virus is the following text, which appears inside it:

Welcome to the Dungeon
(c) 1986 Basit & Amjad (pvt) Ltd. 
PHONE :430791,443248,280530. 
Beware of this VIRUS.... 
Contact us for vaccination............ 

These messages have led to considerable speculation regarding the possible author(s) of the virus. Later investigation determined that the authors of the virus had indeed included their authentic contact details in the virus, though they claimed their intentions in creating the program had not been malicious.In another version of the virus, the text looks like this:

Welcome to the Dungeon
(c) 1986 Brain & Amjads (pvt) Ltd. 
Dedicated to the dynamic memories
of millions of virus who are no longer with us today -
:This program is catching
program follows after these messeges..... 

Nowadays Brain is extinct.


Before this virus infects diskettes, it looks for a "signature". This makes it possible to "inoculate" against it, just by putting the signature in the correct place in the boot sector. The Brain virus tries to hide from detection by hooking into INT 13. When an attempt is made to read an infected boot sector, Brain will just show you the original boot sector instead. This means that if you look at the boot sector using DEBUG or any similar program, everything will look normal, if the virus is active in memory. This means the virus is the first "stealth" virus as well.


The major effect of this virus is a (fairly harmless) change of the volume label. It usually becomes:

  • (c) Brain

but one variant of the virus changes the text into:

  • (c) ashar