MultiFace Virus

  1. #1
    WildTech (Registered User; joined Apr 1999; Indiana; 397 posts)

    MultiFace Virus

    Hey gang,

    Has anyone out there had any success removing and repairing the damage done by the Multiface Virus? I can find very little info on this particular virus on the web. Thanks

    ------------------

    WildTech
    MasterMind Computers ... Bring your PC to the Master!!

    [This message has been edited by WildTech (edited January 13, 2001).]

  2. #2
    furlong47
    Guest


    Don't know if you had this info or not (from Norton)

    MultiFace
    Aliases: Face, Mface, Multi-Face
    Infection length: 1,441 bytes
    Area of infection: .SYS files, .COM files, .EXE files
    Likelihood: Common
    Region reported: U.S.A.
    Characteristics: Wild, memory resident
    Target platform: DOS
    Trigger date: None

    Description:
    MultiFace is a virus that infects the first .SYS file in the CONFIG.SYS file of the COMSPEC directory. The next time the user boots the infected computer, the virus goes active in memory and begins infecting .EXE and .COM files. MultiFace changes the infected program’s time and date stamp to the date and time of infection.

    When active, MultiFace has been known to display multiple smiley faces on the screen. Running .COM files from a write-protected floppy disk may result in write-protect error messages.




    ------------------
    "640 K ought to be enough for anybody."
    --Bill Gates, 1981

    Amateur Radio Callsign KB3FHH

  3. #3
    furlong47
    Guest


    McAfee too:

    Virus Name
    Multi-Face
    Date Added
    1/15/92

    Virus Characteristics
    Multi-Face is a memory resident, file infecting virus. It infects .COM files, including COMMAND.COM.
    Upon infection, this virus becomes memory resident in low available system memory. Interrupts 08, 13, and 21 are hooked by the Multi-Face virus in memory.

    After the Multi-Face virus is memory resident, it infects .COM files.

    Additional Comments:
    The Multi-Face virus was submitted in January, 1992. Its origin or point of original isolation is unknown. Multi-Face is a memory resident infector of .COM programs, including COMMAND.COM. The first time a program infected with the Multi-Face virus is executed, this virus will install itself memory resident in low available system memory. Memory mapping utilities may indicate that the Config area of memory has increased in size by 1,456 bytes. The DOS CHKDSK program will indicate that available free memory has decreased by approximately 64K in addition to the 1,456 bytes in size by the virus. Interrupts 08, 13, and 21 will be hooked by the Multi-Face virus in memory. After the Multi-Face virus is memory resident, it will infect .COM programs, including COMMAND.COM, when they are executed. Infected programs will have a file length increase of 1,441 bytes with the virus being located at the end of the infected file. The file's date and time in the DOS disk directory listing will have been updated to the current system date and time. Symptoms of an infection of the Multi-Face virus are that a minor system slowdown will have occurred. The slowdown is most noticeable when the system display is scrolled. .COM program date and time in the DOS disk directory listing will have been updated when programs are executed if the system date is different from the program date. Write protect errors will occur when attempting to execute .COM programs on write protected diskettes. Lastly, multiple smiley face characters may appear on the system display, moving around the other characters on the screen.

    Indications Of Infection
    Memory decreases by approximately 64K in addition to the 1,456 bytes in size by the virus. Infected files have a file length increase of 1,441 bytes. The virus is located at the end of the infected file. The file's date and time in the DOS disk directory listing are updated to the current system date and time.

    Symptoms of an infection of the Multi-Face virus are that minor system slowdowns occur.

    Method Of Infection
    The only way to infect a computer with a file infecting virus is to execute an infected file on the computer. The infected file may come from a multitude of sources including: floppy diskettes, downloads through an online service, network, etc. Once the infected file is executed, the virus may activate.




    ------------------
    "640 K ought to be enough for anybody."
    --Bill Gates, 1981

    Amateur Radio Callsign KB3FHH
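The file-level indicators quoted in the two write-ups above (a length increase of exactly 1,441 bytes and a refreshed date and time stamp) can be checked against a known-clean listing. The following is an added example, not part of the original posts or of either vendor's tooling; the function names, the snapshot format and the sample data are assumptions made for illustration, and it presumes a baseline taken before infection exists.

```python
import os
from typing import Dict, List, NamedTuple, Tuple

GROWTH = 1441                          # length increase given in both write-ups
TARGET_EXT = {".com", ".exe", ".sys"}  # file types named across the two write-ups

class Entry(NamedTuple):
    size: int
    mtime: int  # seconds since the epoch

def snapshot(root: str) -> Dict[str, Entry]:
    """Record size and mtime of every target-type file under root."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in TARGET_EXT:
                full = os.path.join(dirpath, name)
                st = os.stat(full)
                key = os.path.relpath(full, root).upper()
                out[key] = Entry(st.st_size, int(st.st_mtime))
    return out

def find_suspects(baseline: Dict[str, Entry],
                  current: Dict[str, Entry]) -> List[Tuple[str, str]]:
    """Flag target files that grew by exactly GROWTH bytes since baseline."""
    hits = []
    for path, now in sorted(current.items()):
        old = baseline.get(path)
        if old is None or os.path.splitext(path)[1].lower() not in TARGET_EXT:
            continue  # no clean reference, or not a file type named above
        if now.size - old.size == GROWTH:
            restamped = now.mtime != old.mtime
            hits.append((path, "size +1441, restamped" if restamped else "size +1441"))
    return hits

# Constructed sample data (sizes and times are made up for illustration).
BASELINE = {"COMMAND.COM": Entry(47845, 700000000), "FORMAT.COM": Entry(22717, 700000000),
            "HIMEM.SYS": Entry(11552, 700000000), "README.TXT": Entry(1000, 700000000)}
CURRENT = {"COMMAND.COM": Entry(49286, 979400000),  # +1441 and restamped
           "FORMAT.COM": Entry(22717, 700000000),   # unchanged
           "HIMEM.SYS": Entry(12993, 700000000),    # +1441, timestamp unchanged
           "README.TXT": Entry(2441, 979400000)}    # +1441 but not a target type

if __name__ == "__main__":
    for path, reason in find_suspects(BASELINE, CURRENT):
        print(f"{path}: {reason}")
```

A match is only an indicator that a file deserves a scan. Because the write-ups describe the virus as memory resident, the current snapshot is best taken from a clean boot disk or an offline copy of the drive.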

  4. #4
    WildTech (Registered User; joined Apr 1999; Indiana; 397 posts)

    Yeah, I saw those already but thanks for the effort. I was hoping someone knew of a magic wand fix I could use to get rid of it. Looks like a reformat to me.......hehe

    ------------------

    WildTech
    MasterMind Computers ... Bring your PC to the Master!!
