Threat Encyclopedia

Michelangelo

This boot virus is a variant of the Stoned virus. It is called Michelangelo because of its activation day, March 6th: the famous Renaissance painter and sculptor Michelangelo was born on March 6th, 1475, in the vicinity of Florence. When the system is booted from an infected diskette, the virus decreases the amount of DOS-usable memory by 2 KB by manipulating the BIOS variable at address 0:413h. The virus moves into the memory area created in this way, hooks interrupt INT 13h, and infects the hard disk's MBR. When a floppy disk in the drive is accessed, the virus infects its boot sector and stores the original contents at side 0, cylinder 0, sector 3 in the case of a 360K diskette; for all other diskettes it moves the boot sector to side 0, cylinder 1, sector 14. The virus stores the hard disk's MBR in the seventh sector of side 0, cylinder 0. It recognizes itself by the first four bytes of the boot sector, which are E9/AC/00/F5. On March 6th it overwrites a part of the hard disk.
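The following triage check for a raw hard-disk image is an added example, not part of the Encyclopedia entry: it looks for the four self-recognition bytes in sector 0 and, if present, checks whether the sector saved at side 0, cylinder 0, sector 7 still looks like a usable MBR. It assumes 512-byte sectors, 1-based sector numbering (so sector 7 is LBA 6), and that the saved sector is the pre-infection MBR; all function names and the sample image are constructed for illustration.

```python
SECTOR = 512                             # classic BIOS sector size (assumption)
SIGNATURE = bytes.fromhex("E9AC00F5")    # self-recognition bytes from the entry
STASH_LBA = 7 - 1                        # side 0, cylinder 0, sector 7 (1-based) -> LBA 6
BOOT_MAGIC = b"\x55\xaa"                 # marker that ends a valid PC boot sector


def read_sector(image: bytes, lba: int) -> bytes:
    """Return one sector of a raw image; refuse truncated images."""
    chunk = image[lba * SECTOR:(lba + 1) * SECTOR]
    if len(chunk) != SECTOR:
        raise ValueError(f"image too short to hold LBA {lba}")
    return chunk


def is_infected(image: bytes) -> bool:
    """True if sector 0 starts with the four signature bytes."""
    return read_sector(image, 0).startswith(SIGNATURE)


def stashed_mbr(image: bytes):
    """Return the sector saved at LBA 6 if it looks like a usable MBR, else None."""
    if not is_infected(image):
        return None
    saved = read_sector(image, STASH_LBA)
    # Reject a stash that carries the signature itself or lacks the boot
    # marker (for example because it has been overwritten).
    if saved.startswith(SIGNATURE) or not saved.endswith(BOOT_MAGIC):
        return None
    return saved


def triage(image: bytes) -> str:
    if not is_infected(image):
        return "no signature"
    return "signature, saved MBR usable" if stashed_mbr(image) else "signature, saved MBR unusable"


def sample_image(infected: bool, stash_ok: bool = True) -> bytes:
    """Constructed test data: 8 sectors of filler, no real boot or virus code."""
    clean = b"\xfa" + b"\x00" * (SECTOR - 3) + BOOT_MAGIC
    sectors = [clean] + [b"\x00" * SECTOR] * 7
    if infected:
        sectors[0] = SIGNATURE + b"\x00" * (SECTOR - 6) + BOOT_MAGIC
        sectors[STASH_LBA] = clean if stash_ok else b"\x00" * SECTOR
    return b"".join(sectors)


if __name__ == "__main__":
    for args in [(False,), (True,), (True, False)]:
        print(args, "->", triage(sample_image(*args)))
```

A four-byte match is an indicator rather than proof, so treat a hit as a reason to examine the image further, and work on a copy of the disk image rather than the original media.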

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.