Threat Encyclopedia

NYB (New York Boot)

Aliases: Houston.B1 (Norman), NYB.A (F-Prot), Virus.Boot.NYB (AVP)

Type: Boot sector virus

Affects: DOS (Target)

The New York Boot virus (NYB) is a very simple virus that infects Master Boot Records and DOS boot sectors. NYB was discovered in 1995. It can only spread to a system when that system is booted from an infected floppy disk.

During the boot process, NYB loads the Master Boot Record into memory and checks whether it is already infected. If the Master Boot Record is not infected, the virus saves the clean Master Boot Record to cylinder 0, side 0, sector 17 of the primary boot hard disk, and then writes the virus code into the Master Boot Record at cylinder 0, side 0, sector 1 of that disk.

When NYB is active in memory, for instance after a successful boot from an infected Master Boot Record, the virus uses stealth techniques: it redirects all disk reads of the infected Master Boot Record or the infected DOS boot sectors to the clean copy of the MBR/DBS that it stored on the disk before infection.

As a result, a virus scanner that tries to scan the infected MBR scans the clean MBR instead.
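Because reads are redirected while the virus is resident, the check below has to run on a raw disk image taken offline or after booting from clean media. It is an added Python example, not part of the original entry: it flags an MBR-shaped sector sitting at cylinder 0, side 0, sector 17 that differs from sector 1. It assumes 512-byte sectors (so sector 17 is LBA 16), all function names are hypothetical, and the test is a structural heuristic for review, not a signature for NYB.

```python
import struct

SECTOR = 512
BACKUP_LBA = 16  # cylinder 0, side 0, sector 17 (CHS sectors are 1-based)

def looks_like_mbr(sector: bytes) -> bool:
    """True if the sector has the 0x55AA signature and a plausible partition table."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        return False
    used = 0
    for off in range(446, 510, 16):          # four 16-byte partition entries
        status, ptype = sector[off], sector[off + 4]
        start_lba, count = struct.unpack_from("<II", sector, off + 8)
        if status not in (0x00, 0x80):       # only inactive/active are valid
            return False
        if ptype != 0x00:
            if start_lba == 0 or count == 0:
                return False
            used += 1
    return used > 0

def check_image(image: bytes) -> dict:
    """Inspect a raw disk image read offline (no resident code to redirect reads)."""
    mbr = image[:SECTOR]
    backup = image[BACKUP_LBA * SECTOR:(BACKUP_LBA + 1) * SECTOR]
    backup_is_mbr = looks_like_mbr(backup)
    return {
        "backup_slot_looks_like_mbr": backup_is_mbr,
        "backup_differs_from_sector_1": backup != mbr,
        # An MBR-shaped sector at sector 17 that is not the live MBR warrants review.
        "suspicious": backup_is_mbr and backup != mbr,
    }

def make_mbr(fill: int) -> bytes:
    """Constructed sample sector: filler bytes, one active partition, signature."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x06,
                        b"\xfe\x3f\x0a", 63, 20000)
    return bytes([fill]) * 446 + entry + bytes(48) + b"\x55\xaa"

def make_image(sector1: bytes, sector17: bytes) -> bytes:
    return sector1 + bytes(15 * SECTOR) + sector17 + bytes(4 * SECTOR)

# Constructed test data: filler bytes only, no real boot or virus code.
CLEAN = make_image(make_mbr(0x90), bytes(SECTOR))
DISPLACED = make_image(make_mbr(0xCC), make_mbr(0x90))

if __name__ == "__main__":
    for name, img in (("clean", CLEAN), ("displaced", DISPLACED)):
        print(name, check_image(img))
```

A hit only means the sector deserves a closer look, since other software may also place data in the otherwise unused sectors of track 0.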

Note: On floppy disks, the original DOS boot sector is backed up to the last sector of the root directory.

The virus infects all non-write-protected floppy disks on an infected machine.
NYB allocates 1024 bytes of DOS base memory for temporarily storing MBRs and DBSs.

On every 512th floppy disk access, the virus starts its first payload: it continuously moves the floppy disk head from track 0, sector 0 to track 255, sector 62.

Note: Standard floppy drives do not have such a seek range, so you might hear the floppy drive making noise repeatedly while it seeks.

The second part of the NYB payload crashes the machine if the hard disk is accessed at exactly 00:00 (midnight).

Other Details:

The virus might damage older floppy drives with "overseeking".