Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » Stoned.Angelina

Overview

Threat Risk LOW LOW
Destructivity NONE NONE
Payload
Detection files published
Description created 31 Dec 1998 03:00:00
Description updated 26 Nov 2002 04:03:00
Malware type VIRUS
Alias Angelina
Spreading mechanism UNKNOWN
Summary None

Stoned.Angelina

Spreading

In the same way as other system virus, Angelina infects the machine when you boot with an infected diskette in the diskette drive.

The Stoned.Angelina virus then reboots the machine after infection.

The boot sector on the diskette (sector 0) is read into memory, this is the sector where the virus code resides. The virus will then take control over the system and infect the machine when the boot sequence is complete. It copies its own code to cylinder 0, head 0, sector 1 and Master Boot Record (MBR) to cylinder 0, head 0, sector 2. BIOS interrupt 13 is redirected to the virus code.

Angelina does not give any message on the screen when the machine is infected, but the code contains the following text string:


Greetings for ANGELINA!!!/ by Garfield / Zielona Gora
Data will usually not disappear from your hard disk even if you are infected because DOS do not use the same sector as the virus. But problems can arise if the sector is being used by a third-party utility for storing data, for formatting, for encrypting passwords or for overlay drivers (drivers/utils that ensure access to partitions >2GB on computers without BIOS support for LBA - i.e "EZ Drive" and "OnTrack Diskmanager").
Angelina is a memory resident virus and will infect all diskettes not write-protected. You will not loose data when your diskettes are infected, but the infection may cause your files/directories to be inaccessible. These files/directories can be recovered as long as the data is not overwritten.

Payload Details

n/a

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:15