The Computer Guys

Miami to Fort Lauderdale Since 1994 - Thank You!

We Build the Best & Repair the Rest! ©

Top 10 malware reported to Sophos in January 1999

This section helps you to understand how it behaves

CMOS4 is a boot sector virus with simple stealth which intercepts all INT 13 reads and if a sector starts with 4D5A 4000 8837 010F it corrupts the next byte into a random value.

CMOS4 does not touch CMOS or the partition table. It infects the master boot sector of hard disks and the boot sector of floppy disks. Its stealth consists of hiding the real boot sectors.

There is a 3 in 256 chance of the virus triggering for each data read.

When triggered CMOS4 examines the data being read to see if it is the start of an EXE file. If it is, and certain conditions regarding the size and nature of that program are met, the virus corrupts the data. A corrupted EXE file would not execute and would not copy cleanly. However, to our knowledge, a program meeting the conditions has never been found, so the payload is for practical purposes harmless.

Enter your search terms Submit search form   Web www.cpucare.com

This webpage is optimized for 800 x 600 monitor resolution or above and the latest web browser.