Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically


Bleah is a boot virus with length of 1 sector, i.e. 512 bytes. It infects hard drive’s MBR and boot sectors of diskettes in the drive if they are not write protected.
When the virus is activated it will occupy 1 kb under the top of memory. By means of manipulation with the system variable at the address 0:413h it will decrease the accessible memory for DOS. Into in this way reserved area of memory the virus will move its body and redirect calls from the interrupt INT 8h. By means of this interrupt the virus finds out whether the operating system has already been executed. If so, it will overtake the interrupt INT 13h. At the same time the virus will return the original value to the variable at the address 0:413h so that no decrease of conventional memory is seen. But still, the area of memory occupied by the virus is not a part of the string MBC and there is no threat for the virus body to be overwritten.
The fact that the virus has hooked the interrupt INT 13h means that it can infect diskettes, its body is protected against being overwritten and infection of hard drive’s MBR is disguised. If there is a request to display its contents the original MBR is displayed.

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.