baphometh.153
Webroot Antivirus: The best protection against viruses, spyware data theft and hackers.
Description:
Details
Baphometh.1536
It is a dangerous memory resident multipartite virus. It infects the MBR of the hard drive, boot sector of floppy disks and writes itself to the end of COM and EXE files that are executed.
While infecting the MBR the virus overwrites the Disk Partition Table, as a result the MBR cannot be disinfected by the "FDISK /MBR" command. The virus also deletes the C:\WINDOWS\SYSTEM\IOSUBSYS\HSFLOP.PDR file. It contains the encrypted text string:
Baphometh v2 ~CAD
When an infected file is executed the virus infects the MBR, hooks INT 21h, stays memory resident and then affects executable DOS files. On loading from infected disk the virus hooks INT 8 (timer), INT 13h, waits for DOS loading process and then hooks INT 21h. By hooking INT 13h the virus runs its floppy disk infection and stealth routines - on accessing to infected MBR or boot sector the virus replaces it with its original code and data.
Copyright @2006 baphometh.153