Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Empire Monkey

This is a stealth boot virus related to the virus Stoned . At each attempt to load the system from an infected diskette the virus reserves 1 KB below the top of memory for its own use while decreasing the size of DOS usable memory by the same amount. It attacks the hard disk’s MBR while the original contents are encrypted and moved to cylinder 0, side 0, Sector 3. Upon an attempt to load the system from the system diskette, the system cannot find a valid table of disk specification in the first physical disk sector which is occupied by the virus body. As a result the following message is displayed:

Invalid drive specification

Attempts to recover MBR by means of command FDISK /MBR lead to data loss. In the virus body the following string is encoded:

Monkey

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.