Details Anticmos It is a dangerous boot and MBR infector. On booting from infected floppy it infects the MBR of the hard drive, then it hooks INT 13h and infects the boot sector of the floppy disks. While infecting a disk the virus does not save the original sector. Sometimes it erases the CMOS memory. “Anticmos.Lixi” contains the string: I am Li Xibin! The virus infection routine is a little bit buggy: while infecting boot sectors on floppy drives it overwrites a part of boot sector system data (miscellaneous fields: volume label, serial number, file system ID, and some other fields that are useful on hard drive boot sector only). These data are overwritten by virus installation routine. While disinfecting affected floppy disks many anti-virus programs leave this part of virus code as-is, and these “virus traces” can be detected by other anti-virus programs (for example, AVP detects them as an unknown variant of “Anticmos” virus). The AVP anti-virus disinfection routine cleans the virus correctly: it removes not only the rest of virus code, but this installation routine too, and floppy disks disinfected by AVP do not cause any alarms.

Leave a Reply

Your email address will not be published. Required fields are marked *