Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

AntiCMOS.Boot

Threat Level: Low threat
Damage: High
Distribution: Not widespread

Effects

When AntiCMOS.Boot is run, it infects the boot sector of floppy disks (Boot) and of hard disks (Master Boot Record or MBR), carrying out the following actions:
  • It overwrites the original boot sector with an infected copy.
  • It infects all the floppy disks used on the affected computer, provided that they are not write-protected.

Infection strategy

AntiCMOS.Boot follows the infection routine below:

  • It infects the computer when it is booted from a floppy disk infected by the virus.
  • From the infected floppy disk, AntiCMOS.Boot goes memory resident.
    It occupies 2 Kbytes in the TOM (Top Of Memory).
  • From the memory, AntiCMOS.Boot infects all the floppy disks used on the computer.
    In order to do this, it intercepts the interrupt INT13, which provides the BIOS services of the hard disk.
  • AntiCMOS.Boot checks if it is being run from the boot sector of a floppy disk or from the MBR of a hard disk.
    If it is being run from the boot sector, it reads the Master Boot Record of the hard disk in order to check if it is already infected. If it is not, AntiCMOS.Boot infects it.
  • AntiCMOS.Boot checks if a floppy disk is infected, whenever it is used. If it is not, it infects it.
    AntiCMOS.Boot infects all the floppy disks regardless of whether they are boot disks or not.
  • It replaces the MBR of the hard disk with an infected MBR.
  • It overwrites the boot sector of the hard disk, deleting the information stored there (volume label, serial number, etc.).
  • It tries to start up the computer from the infected MBR. AntiCMOS.Boot does not change the Partition table, so the computer can be started from a virus-free boot disk in order to access the hard disk and solve the configuration problems.
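The memory residency and INT13 interception described above leave a recognizable footprint in real-mode low memory. The following is an added example, not code from Panda Security: a heuristic that inspects a captured image of the first 0x500 bytes of physical memory, using the standard BIOS Data Area word at 0040:0013 (base memory size in KB) and the INT 13h entry of the interrupt vector table. The function names and both sample images are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CONV_TOP 0xA0000u   /* end of 640 KB conventional memory */

/* Read a little-endian 16-bit word from a captured low-memory image. */
static uint16_t rd16(const uint8_t *m, size_t off) {
    return (uint16_t)(m[off] | (m[off + 1] << 8));
}

/* Linear address of the INT 13h handler: IVT entry 0x13 = offset, segment. */
uint32_t int13_target(const uint8_t *low) {
    uint16_t off = rd16(low, 0x13 * 4), seg = rd16(low, 0x13 * 4 + 2);
    return ((uint32_t)seg << 4) + off;
}

/* KB hidden from DOS: 640 minus the BIOS Data Area word at 0040:0013. */
int reserved_kb(const uint8_t *low) {
    return 640 - (int)rd16(low, 0x413);
}

/* Returns 1 when the INT 13h handler sits in the carved-out region between
 * the reported top of memory and 0xA0000, 0 otherwise. */
int int13_hooked_in_tom(const uint8_t *low) {
    uint32_t top = (uint32_t)rd16(low, 0x413) * 1024u;
    uint32_t h = int13_target(low);
    return top < CONV_TOP && h >= top && h < CONV_TOP;
}

/* Constructed sample: build a 0x500-byte image with the given values. */
void make_image(uint8_t *low, uint16_t kb, uint16_t seg, uint16_t off) {
    memset(low, 0, 0x500);
    low[0x413] = (uint8_t)(kb & 0xFF);  low[0x414] = (uint8_t)(kb >> 8);
    low[0x4C]  = (uint8_t)(off & 0xFF); low[0x4D]  = (uint8_t)(off >> 8);
    low[0x4E]  = (uint8_t)(seg & 0xFF); low[0x4F]  = (uint8_t)(seg >> 8);
}

int main(void) {
    uint8_t clean[0x500], suspect[0x500];
    make_image(clean, 640, 0xF000, 0xEC59);   /* constructed: handler in BIOS ROM */
    make_image(suspect, 638, 0x9F80, 0x0000); /* constructed: handler in top 2 KB */
    printf("clean:   reserved=%d KB hooked=%d\n", reserved_kb(clean), int13_hooked_in_tom(clean));
    printf("suspect: reserved=%d KB hooked=%d\n", reserved_kb(suspect), int13_hooked_in_tom(suspect));
    return 0;
}
```

A reduced memory size on its own is not conclusive, since a BIOS extended data area also lowers the word at 0040:0013; the combination with an INT 13h vector pointing into the reserved region is what makes the finding worth investigating.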

Means of transmission

AntiCMOS.Boot spreads only through floppy disks, following the infection routine below:

  • It infects the computer when it is booted from a floppy disk infected by the virus.
  • It infects all the floppy disks used on the affected computer. These floppy disks will then infect other computers.

Further Details

Other interesting characteristics of AntiCMOS.Boot are:

  • The name of the virus is related to the fact that it was originally programmed to write to the CMOS through ports 70h and 71h, which would delete all the information on the CMOS and the configuration of the hard disk.
  • However, due to programming errors in its code, AntiCMOS.Boot does not carry out these actions.
  • AntiCMOS.Boot comes from China and was first exported to Hong Kong in 1994. In 1995, it was also reported many times in North America for several months.