Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically


Qrry is a simple boot virus. When an attempt is made to boot system from an infected diskette the virus infects the hard disk’s MBR and installs itself into the memory. It decreases the amount of memory for DOS by 1 KB. When it is installed into memory the virus infects all diskettes that are not write-protected. The virus contains a code which tests the current month – if it finds out it is December it overwrites several sectors on the disk. The virus saves the original MBR or diskettes boot sector onto sector 9 side 39 under cylinder 1. It does not protect this sector in any way and it does not test whether it is used, either. That may lead to data loss. The virus identifier which is tested at infection is word 0ABCDh on offset 170h in diskette boot sector or hard disk’s MBR. Name of the virus is derived from the string “QRry” which can be freely seen in the infected boot sector.

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.