Brain is possibly the oldest virus known on the DOS platform, as it was first detected in January '86.
Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
Several variants of this virus are known, but most of them are fairly harmless. One harmful variant has been reported, which was designed to attack on May 5. 1992. This virus is rather large and most of it is located in sectors that are marked as "bad" in the FAT. One of the most interesting details regarding the Brain virus is the following text, which appears inside it:
Welcome to the Dungeon (c) 1986 Basit & Amjad (pvt) Ltd. BRAIN COMPUTER SERVICES 730 NIZAB BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE :430791,443248,280530. Beware of this VIRUS.... Contact us for vaccination............ $#@%$@!!
These messages have led to considerable speculation regarding the possible author(s) of the virus. Later investigation determined that the authors of the virus had indeed included their authentic contact details in the virus, though they claimed their intentions in creating the program had not been malicious.In another version of the virus, the text looks like this:
Welcome to the Dungeon (c) 1986 Brain & Amjads (pvt) Ltd. VIRUS_SHOE RECORD v9.0 Dedicated to the dynamic memories of millions of virus who are no longer with us today - Thanks GOODNESS!! BEWARE OF THE er..VIRUS :This program is catching program follows after these messeges..... $#@%$@!!
Nowadays Brain is extinct.
Before this virus infects diskettes, it looks for a "signature". This makes it possible to "inoculate" against it, just by putting the signature in the correct place in the boot sector. The Brain virus tries to hide from detection by hooking into INT 13. When an attempt is made to read an infected boot sector, Brain will just show you the original boot sector instead. This means that if you look at the boot sector using DEBUG or any similar program, everything will look normal, if the virus is active in memory. This means the virus is the first "stealth" virus as well.
The major effect of this virus is a (fairly harmless) change of the volume label. It usually becomes:
but one variant of the virus changes the text into: