Virus.Boot.Ekaterinburg

Class: Virus
Platform: Boot
Description

Technical Details


This is a non-dangerous memory-resident boot virus. When the system boots from
an infected disk, it copies itself into the Interrupt Vector Table and hooks
INT 13h. It then writes itself to the boot sectors of floppy disks. The MBR of
the hard drive is infected when the system boots from an infected floppy.
Depending on the system timer value, the virus erases the screen and waits for
a keystroke. It contains the encrypted text string “Ekaterinburg”.
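
Because the resident copy sits inside the Interrupt Vector Table, a hooked INT 13h vector points back into the first 1 KiB of memory, which a legitimate handler does not do. The following added example (not part of the original entry) checks for that condition in a 1 KiB dump of real-mode memory starting at linear address 0; the function names and both sample addresses are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IVT_SIZE 1024u            /* 256 vectors x 4 bytes at linear 0x00000 */
#define INT13H   0x13u            /* BIOS disk services */

/* Store a far pointer (offset word, then segment word, little-endian). */
static void set_vector(uint8_t *ivt, unsigned n, uint16_t seg, uint16_t off)
{
    ivt[n * 4]     = (uint8_t)(off & 0xFF);
    ivt[n * 4 + 1] = (uint8_t)(off >> 8);
    ivt[n * 4 + 2] = (uint8_t)(seg & 0xFF);
    ivt[n * 4 + 3] = (uint8_t)(seg >> 8);
}

/* Linear address the handler for vector n starts at (A20 wraparound ignored). */
static uint32_t vector_target(const uint8_t *ivt, unsigned n)
{
    uint32_t off = ivt[n * 4]     | ((uint32_t)ivt[n * 4 + 1] << 8);
    uint32_t seg = ivt[n * 4 + 2] | ((uint32_t)ivt[n * 4 + 3] << 8);
    return (seg << 4) + off;
}

/* 1 if vector n is set and its handler lies inside the table itself. */
int vector_points_into_ivt(const uint8_t *ivt, unsigned n)
{
    uint32_t t = vector_target(ivt, n);
    return t != 0 && t < IVT_SIZE;   /* 0000:0000 means "unused", not a hook */
}

/* Constructed sample: returns the check result for INT 13h -> seg:off. */
int check_sample(uint16_t seg, uint16_t off)
{
    uint8_t ivt[IVT_SIZE];
    memset(ivt, 0, sizeof ivt);
    set_vector(ivt, INT13H, seg, off);
    return vector_points_into_ivt(ivt, INT13H);
}

int main(void)
{
    /* Both addresses are constructed for illustration, not taken from a sample. */
    printf("INT 13h -> F000:EC59 flagged: %d\n", check_sample(0xF000, 0xEC59));
    printf("INT 13h -> 0000:0204 flagged: %d\n", check_sample(0x0000, 0x0204));
    return 0;
}
```

The same test applies to any other vector in the dump, and different segment:offset pairs that resolve to the same linear address are treated identically.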