Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » Parity_Boot

Overview

Threat Risk LOW LOW
Destructivity NONE NONE
Payload
Detection files published
Description created 04 Apr 2000 03:00:00
Description updated 26 Nov 2002 04:27:00
Malware type VIRUS
Alias
Spreading mechanism UNKNOWN
Summary None

Parity_Boot

Spreading

This virus infects System Boot sector on diskettes and Master Boot sector on hard disks. It does not infect files.  The only way your PC can be infected is by starting the computer with an infected diskette in the diskette drive. A diskette is infected if you insert a diskette which is not write protected in an infected computer's diskette drive and press Ctrl+Alt+Del.

The virus reserves 1 kb conventional memory to itself and infects all diskettes which are not write protected, used on the infected PC.

The virus uses "Stealth" techniques in such a way that it cannot be removed while loaded in memory. A boot sector infected by this virus will appear "clean" during a control while the virus is memory resident.
 

Payload Details

n/a

Analysis

n/a

Removal

Run a scan of your disk(s) to detect and clean this virus, then turn off your computer and start it again, (see below why you have to turn it off). You can now perform a new scan just to make sure your computer is clean from viruses. [If you run DOS 5.x or later you may on your own risk use the command FDISK /MBR to remove the virus from the hard disk.] The Parity_Boot virus will survive a warm boot (Ctrl+Alt+Del) of the computer. Therefore it is very important to turn off the computer when you boot with the abovementioned boot diskette. The remoal instructions above are for computers with FAT file system. Contact Lumension for instructions if you run Windows NT with NTFS file system.


Last Updated: 12 Nov 2015 11:06:12