Virus Encyclopedia
Welcome to the Virus Encyclopedia of Panda Security.
Polyboot.B
At a glance
Common name: Polyboot.B
Technical name: Polyboot.512.B
Threat level: Low
Type: Virus
Effects: It infects floppy disks and the boot sector of the hard disk.
Affected platforms: MS-DOS
First detected on: May 8, 2002
Detection updated on: June 4, 2003
Statistics: No
Family: ANTICMOS
Brief Description
Polyboot.B is a boot virus with no destructive effects. It infects the boot sector of hard disks (Master Boot Record, or MBR) and of floppy disks (Boot).
Polyboot.B goes memory resident in order to infect the MBR of the hard disks in the infected computer and the boot sector of the floppy disks used.
Once the computer is infected, Polyboot.B infects all floppy disks used in the computer, provided that they are not write-protected.
Visible Symptoms
The only indication that Polyboot.B has infected a computer is that the computer has problems starting up.
Tech details
Effects
Polyboot.B does not infect files and has no destructive effects on the computer. Polyboot.B has the following effects:
- It infects the boot sector of floppy disks (Boot) and hard disks (Master Boot Record).
- It infects all floppy disks used on the affected computer, provided that they are not write-protected.
- It prevents the computer from starting up correctly.
Infection strategy
Polyboot.B infects the boot sector of hard disks and floppy disks. It has the following routine:
- It copies the original boot sector to the final sectors of the first track.
- It copies the virus code to the first sectors of the disk.
- By doing this, it goes memory resident. From then on, it can infect all floppy disks used on the computer.
Means of transmission
Polyboot.B only spreads through floppy disks, in the following way:
- It infects the hard disk of the computer when the computer is booted from a floppy disk infected by the virus.
- It infects all floppy disks used in the affected computer. These floppy disks will then infect other computers.
Further Details
Other interesting characteristics of Polyboot.B are:
- Part of its virus code is encrypted by a simple function with a one-byte mask.
- It uses stealth techniques in order to avoid being discovered. When it goes memory resident, it reduces the amount of conventional memory that can be seen from MS-DOS by two kilobytes. At the same time, it copies its virus code to the top of conventional memory.
- The code of Polyboot.B contains the following text: 31/03/98 WYX.
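The traits listed above can be checked offline against a raw disk image. The following triage script is an added example, not Panda Security's detection logic: it searches the first track for the text 31/03/98 WYX under every one-byte mask and flags sectors near the end of the track that look like a saved boot sector. It assumes the mask is applied with XOR, 512-byte sectors, and a caller-supplied sectors-per-track value (63 is a common hard disk geometry, 18 fits a 1.44 MB floppy); all function names are hypothetical.

```python
"""Triage a raw disk image for the Polyboot.B traits described on this page."""
SECTOR = 512
MARKER = b"31/03/98 WYX"  # text the page says the virus code contains


def find_marker(track: bytes):
    """Return (offset, mask) for each MARKER hit under any one-byte mask.

    Assumption: the 'one byte mask' is XOR. Mask 0 covers plaintext.
    """
    hits = []
    for mask in range(256):
        needle = bytes(b ^ mask for b in MARKER)
        pos = track.find(needle)
        while pos != -1:
            hits.append((pos, mask))
            pos = track.find(needle, pos + 1)
    return hits


def displaced_boot_sectors(track: bytes, tail: int = 8):
    """Sector indexes in the last `tail` sectors of track 0 that end with
    the 0x55AA boot signature, i.e. a possible saved original boot sector."""
    count = len(track) // SECTOR
    found = []
    for idx in range(max(1, count - tail), count):
        sector = track[idx * SECTOR:(idx + 1) * SECTOR]
        if sector[510:512] == b"\x55\xaa":
            found.append(idx)
    return found


def triage(image: bytes, sectors_per_track: int = 63):
    track = image[:sectors_per_track * SECTOR]
    return {"marker_hits": find_marker(track),
            "displaced_candidates": displaced_boot_sectors(track)}


def build_sample(sectors_per_track: int = 63, mask: int = 0x5A):
    """Constructed image holding only the two traits, no virus code."""
    img = bytearray(sectors_per_track * SECTOR)
    img[0x40:0x40 + len(MARKER)] = bytes(b ^ mask for b in MARKER)
    img[510:512] = b"\x55\xaa"                 # sector 0 signature
    last = (sectors_per_track - 1) * SECTOR
    img[last + 510:last + 512] = b"\x55\xaa"   # stand-in for saved original
    return bytes(img)


if __name__ == "__main__":
    print(triage(build_sample()))
```

A signed sector late in track 0 is only a candidate: boot managers and some disk tools also store code there, so treat it as a reason to compare that sector with sector 0, not as a verdict.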