Name         : Waft

     Aliases      : No Aliases

     Type/Size    : Boot/1024

     Clones       : No Clones 

     Symptoms     : No Symptoms

     Discovered   : 22-12-91

     Way to infect: Boot infection

     Rating       : Harmless

     Kickstarts   : 1.2/1.3/2.0

     Damage       : Overwrites boot.

     Removal      : Install boot.

     Comments     : The Waft-Virus allocates Chip-Memory and copies itself
                    into that area.  Furthermore the CoolCapture Vektor is
                    used to stay resdient in memory. 

                    To  infect  other  disks  the virus patches the DoIO()
                    Vector.  But  NO danger for HD Users: The virus checks
                    for  the  trackdisk.device.  If the virus is active in
                    memory  it  always  shows you an original clean DOS1.3
                    bootblock. 


                    ATTENTION:  'THAT'  means  if  you  want  to  see your
                    bootblock  with  a  bootblock utility, you will always
                    see a normal standard one. 

                    This  unik  stealth-method was first used by the Lamer
                    Exterminator  viruses.  Depending  of  infections  the
                    virus gives out the following alert:


                    "  = = = = oderint dum metuant = = = =

                                ! ! WAFT  ! !

                           Quality made in West-Germany"



     SHI - A.D 08-94

[Go back]