Virus paranoia?




In your Virus Killers article (May 1997, p78), in the box entitled The Virus Hall of Shame, you talk about AntiEXE -- a virus that, to me, seems to start up just by looking at a floppy! It is suggested that it can be executed just by typing a dir command.
Does this mean every time I run Explorer to view an infected floppy, the virus is going to be executed?
- Brian West


AntiEXE is a Master Boot Record (MBR)/Boot Sector (BS) virus. In common with other viruses of this type, it will only infect your system if you boot from an infected floppy. Although most of us don't usually boot from floppy disks, it is easy enough to do so by accident -- if a floppy happens to be in the drive when you switch on your computer, the virus code will be executed. And once this occurs, AntiEXE will install itself on your hard disk by replacing the MBR with its own code. Executing a dir a: command will not transfer the virus to your hard disk, but if the system is already infected, then this command will definitely be enough to infect the floppy.
AntiEXE doesn't seem to be as malicious as some of its cousins, but there is some disagreement as to what it does. According to one report, total system memory appears to shrink by a kilobyte (not too serious). Another report suggests that AntiEXE targets and disables an unknown EXE file, sized 200,768 bytes (probably not too serious either). But I've also read that the virus will overwrite disk sectors if you happen to press <Ctrl>-<Break> while the virus is accessing your disk (help!). And the icing on the cake is that, as a "stealth" virus, AntiEXE is able to hide itself, and may not be detected by all virus scanners.
Readers with strong constitutions can discover all the gory details about AntiEXE and many other viruses at http://www.mcafee.com and http://www.datafellows.com/vir-info.
- Neville Clarkson


Category: Viruses
Issue: Aug 1997
Pages: 162

These Web pages are produced by Australian PC World © 1997 IDG Communications