Monkey.1
byteme_1997
May 2nd, 2001, 10:57 AM
Just had a customer come in with this virus on their computer. I was able to successfully clean it from the system, but have been trying to find out any information regarding it. I checked with SARC but haven't been able to find anything. Has anyone out there run across this virus before?
Mike
LagMonster
May 2nd, 2001, 11:01 AM
What program did you use to quarantine it? And what was the virus name, "monkey.1"?
Is there any other info you can give us?
King Grover
May 2nd, 2001, 11:01 AM
http://www.cai.com/virusinfo/encyclopedia/
Monkey (Also known as Hemoroid)
Stealth virus that encrypts and hides the original Master Boot Record, overwriting the partition table.
This virus originated in Europe in December 1993 and is based on the Stoned virus. Monkey has no known warhead, but if you boot from an uninfected system disk you will not be able to access the hard drive from DOS.
When Monkey infects a hard disk, it stores the encrypted (XORed with a constant) MBR in cylinder 0, head 0, sector 3 and then copies itself to cylinder 0, head 0, sector 1, overwriting the partition information. Monkey is a stealth virus and when active in memory it hides its presence on disk by returning the original MBR when the user tries to read cylinder 0, head 0, sector 1. The original DOS Boot Sector is hidden in the last sector of the root directory (floppies only) and can therefore cause the loss of up to 16 directory entries. When a new floppy is accessed on an infected system, the chance that Monkey will infect its DOS boot sector is 1 in 4.
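The sector layout in the encyclopedia entry quoted above can be checked on a raw image of the first three sectors, taken after booting from clean media so the stealth read redirection is not active. This is an added example, not part of the original thread: it assumes the "constant" is a single byte and derives it from the 0x55 0xAA signature that ends a valid MBR; the sample images and the key 0x5A are constructed.

```python
SECTOR = 512
BOOT_SIG = b"\x55\xaa"   # last two bytes of a valid MBR
PT_OFFSET = 446          # partition table: 4 entries of 16 bytes each

def chs_sector(image: bytes, n: int) -> bytes:
    """Return cylinder 0, head 0, sector n (CHS sector numbers are 1-based)."""
    return image[(n - 1) * SECTOR : n * SECTOR]

def plausible_mbr(sec: bytes) -> bool:
    """Signature present, legal status bytes, at least one typed partition."""
    if len(sec) != SECTOR or sec[510:512] != BOOT_SIG:
        return False
    entries = [sec[PT_OFFSET + 16 * i : PT_OFFSET + 16 * (i + 1)] for i in range(4)]
    return all(e[0] in (0x00, 0x80) for e in entries) and any(e[4] for e in entries)

def recover_hidden_mbr(image: bytes):
    """Decode sector 3 as an XOR-masked MBR; return (key, mbr) or None."""
    hidden = chs_sector(image, 3)
    if len(hidden) != SECTOR:
        return None
    key = hidden[510] ^ BOOT_SIG[0]   # key implied by the known signature byte
    decoded = bytes(b ^ key for b in hidden)
    if key != 0 and plausible_mbr(decoded):
        return key, decoded
    return None

# --- constructed sample data (not from a real disk) ---
_ENTRY = bytes([0x80, 1, 1, 0, 0x06, 15, 63, 100]) + (63).to_bytes(4, "little") \
         + (100000).to_bytes(4, "little")
CLEAN_MBR = bytes(PT_OFFSET) + _ENTRY + bytes(48) + BOOT_SIG
CLEAN_IMAGE = CLEAN_MBR + bytes(2 * SECTOR)
SAMPLE_KEY = 0x5A                              # constructed value for the demo
OVERWRITTEN = bytes([0xEB]) * 510 + BOOT_SIG   # sector 1 with no partition table
INFECTED_IMAGE = OVERWRITTEN + bytes(SECTOR) + bytes(b ^ SAMPLE_KEY for b in CLEAN_MBR)

if __name__ == "__main__":
    for name, img in (("clean", CLEAN_IMAGE), ("infected-layout", INFECTED_IMAGE)):
        hit = recover_hidden_mbr(img)
        print(name, "| sector 1 plausible:", plausible_mbr(chs_sector(img, 1)),
              "| hidden MBR:", f"key=0x{hit[0]:02x}" if hit else "none")
```

A sector 1 with no usable partition table together with a sector 3 that decodes to a plausible MBR matches the layout described; the decoded sector is the candidate to review before any repair.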
Darren Wilson
May 2nd, 2001, 01:15 PM
& here's the SARC version.
http://www.symantec.com/avcenter/venc/data/stoned.empire.monkey.html
LagMonster
May 2nd, 2001, 01:34 PM
I suck :(
i3omberman28
May 3rd, 2001, 10:15 PM
What scanner do you use? And which is the best out of them? :p