A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | Encyclopedia Home
B letter viruses. Scroll down the page to view or choose from the names below:
Back Orifice | Bluemountain | Boot | Brain | Burglar
Back Orifice
Bluemountain Greetings
Boot
Brain
Burglar
If you are unable to find a description for a particular virus, please contact me or post a message in the forum.
Aliases: BO, Orifice
Type: Toolkit sometimes used as a Trojan
Systems Affected: IBM-Compatible PC's
Payload: Remote access to user's system
ITW: Yes
Origin: Cult of the Dead Cow
Description: This toolkit was originally considered a malicious Trojan, as it allows remote access to a user's systems. Once installed, a connection is opened from the user's system to the Internet and the server portion of the toolkit. This allows complete access, including surreptiously.
What to look for: Search for the following key in the HKEY_LOCAL_MACHINE section of the registry:
\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
and look for one of the following values:
(Default) " .exe"
Pay particular attention to the spelling, including spaces and capitalization. If you feel you may have unwittingly become host to Back Orifice, visit Hackfix.org for complete details and specific removal instructions.
WindowsTour ="Tour98.exe"
System Tray = "SysTry.ocx"
How to prevent it: Be cautious when launching executable files over the Internet, via email, or from friends. When in doubt about the integrity, do not execute the file. See Tips for Safety for details on this and other preventative measures.
Aliases:
Type: Hoax
This is a hoax. See the Hoax Encyclopedia for details on Bluemountain Greeting Card hoax and others.
Aliases: Bath, Boot.437
Type: Memory-resident DOS boot sector infector
Systems Affected: IBM-compatible PC's
Payload: No
ITW: Yes
Origin:
Description:Infects the DOS boot sector when booting from an infected floppy. After infection, any non-write-protected floppies used in the system will become infected. To disinfect a system infected by the Boot virus, use a clean PC running the same version of DOS, create a bootable system disk (FORMAT A: /S). Copy SYS.COM onto the floppy and write-protect the floppy. Boot your infected PC from this disk and type SYS C: to transfer a clean DOS boot sector to your hard drive.
What to look for:
How to prevent it: Change CMOS settings to boot from the local hard drive rather than a floppy. See Tips for Safety for details on this and other preventative measures.
Aliases:
Type: Memory resident stealth boot sector infector
Systems Affected: IBM-compatible PC's
Payload: Changes volume label to "(c) brain" or "(c) ashar" depending on variant.
ITW: No
Origin: Pakistan
Description: Description:
While no longer in-the-wild, Brain achieved notoriety for being the first known PC virus. It infected boot sectors, hooking into INT13. If the virus were resident in memory, the boot sector would look normal.
What to look for: Changes in volume label to "(c) brain" or "(c) ashar".
How to prevent it: Change CMOS settings to boot from the local hard drive rather than a floppy. See Tips for Safety for details on this and other preventative measures.
Aliases: Grangrave
Type: Memory resident executable infector
Systems Affected: IBM-compatible PC's
Payload: Displays message; a bug in the virus causes corruption in some .EXE files.
ITW: Yes
Origin: Korea
Description: Description:
Burglar infects executables on the sytem when they are accessed either directly, or via DOS commands such as DIR and ATTRIB. Stealth capabilities are used to hide changes in files sizes due to infection. The virus also prevents itself from infecting .EXE files with the letters S or V in the name (typically found in many anti-virus software applications).
What to look for: If the virus infects at 14 minutes after any hour, it will display a small flashing message, "Buglar/H", in the upper left corner of the screen.
How to prevent it: Change CMOS settings to boot from the local hard drive rather than a floppy. See Tips for Safety for details on this and other preventative measures.
