Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically


This is one of the oldest and biggest virus families. Thanks to the fact that the source text of the virus was repeatedly published in press a large amount of variants was created. It is a boot virus. When an attempt is made to load the system from an infected diskette the virus writes its body into the first sector of side zero of the hard disk. The original contents of that sector are moved to the seventh sector of side zero of the hard disk. In case of infecting a diskette the boot sector is written to the third sector of the side zero (first cylinder). That may cause (depending on the type of disk or diskette) overwriting of a part of the root directory or FAT. When the operating system is loaded from hard disk, as first the limit of usable memory is decreased and the virus moves above it. It redirects the service of interrupt INT 13h (disk service of BIOS) to itself, loads the original boot sector into memory and gives the control over to it. During the system work it monitors reading through INT 13h and if the user works with a diskette, it attacks it. This scheme was used by many other families of boot viruses. When booting from an infected diskette the original Stoned displays in one out of eight cases the following text:

Your PC is now Stoned!

In addition to this its body contains also the following string: LEGALISE MARIJUANA!

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.