Virus.Multi.Lithium

Detect Date 10/13/2004
Class Virus
Platform Multi
Description

This is a non-dangerous, memory-resident, multipartite, polymorphic stealth virus. It infects COM and EXE files, the MBR of the hard drive, and the boot sector of floppy disks. When an infected file is executed, the virus infects the MBR and returns control to the host program. When the system boots from an infected disk, the virus hooks INT 13h, waits for DOS to load, and then hooks INT 21h. Through the INT 13h hook, the virus infects floppy disk boot sectors and runs its stealth routine when infected disks are accessed. Through the INT 21h hook, the virus also runs its stealth routine and infects DOS executable files that are accessed. The virus disables its stealth routines when the PKZIP or BACKUP utilities are active. The virus also checks file names and does not infect several anti-virus programs and utilities, according to the following list:

CHKD F- VIR SCAN CLEAN VSHI ITAV SKUD AVIR MSAV CPAV VSAF VWAT NAV THS TB VI- FLU ATP DOO WOLF QUA

Depending on the system date, the virus runs a video effect. The virus contains the following text strings:

Lithium

Nuotando nel miele

Accecati dalla luce

Oppressi dalla liberta’

Nauseati dai falsi e facili sorrisi

Lottiamo per trovare qualcosa in cui credere.

Le note della rabbia e dell’instabilita’

sono il detonatore della voglia di proseguire…

…’CAUSE WE’RE ALIVE!

You’llKnowWhatNITROMeans!

byATPY

GENOCIDEYouthEnergy