What is the Michelangelo Virus

What is the Michelangelo Virus?
The Michelangelo virus is considered a  MASTER BOOT  RECORD virus because the
Michelangelo virus infects the Master Boot Record of your hard drive.  The
Master Boot Record controls access to the hard disk.  The activation date for
Michelangelo is March 6 of every year.  If you start your computer on this
date (March 6), the virus will overwrite the first 256 cylinders of your hard
drive.  What this means is all data on your hard drive will be permanently
lost.  There are approximately three (3) strains of the Michelangelo virus as
of February 1994.

How does the Michelangelo Virus Spread?
All floppies have a boot sector, even if they are non-system (non-bootable)
diskettes.  Anytime you start or reset your computer with a system (bootable)
or non-system (non-bootable) diskette, the computer will read the boot sector
of the diskette.  Since the Michelangelo virus is contained in the Boot Sector,
the virus will activate, move into memory and then infect your hard drive.
You will not see this activity at all.  This happens so quickly that you will
receive either an error message such as non-system disk or disk error replace
and press enter or the computer system will boot up to the A: Drive.
Regardless, if you attempt to boot from an infected diskette your hard drive
will be infected with the Michelangelo virus.

Now that your hard drive is infected, every time you boot your system you
will activate the virus into memory. The virus will check the date first and
then sit in memory waiting for you to access a floppy.  For every floppy you
access, the virus will contaminate the floppy boot record.  You can now see
how easy it is to pass a virus from one system to another.

How to repair the Michelangelo Virus:

If Hard Drive is Infected with the Michelangelo Virus:
To repair the Michelangelo virus, first power off the system, and then reboot
from drive A: with a write-protected system (bootable) diskette that has the
same version of DOS that is install on the hard drive. 

You can use one of the following repair procedures:

1.      Boot from a RESCUE diskette created with NAV 3.0, as long as it was
        created before the hard drive was infected.
	
        Once booted up from the Rescue diskette on drive A:, Type RESCUE and
        press Enter.
	
 	Select Restore  and choose both the Boot Record and Partition Table
        Information and press Enter.
	
	
	
2.      Boot from a non-infected MSDOS system (bootable) diskette on drive A:
        	
 	Run the Norton AntiVirus DOS Clinic from either the original
        installation diskettes or from your hard drive.

 	Select all Local Hard Drive and press Enter.

 	Once the Michelangelo virus is detected (but not in memory), choose
        the Repair option and press Enter.

 	If the Michelangelo virus is detected in memory, than the system
        (bootable) diskette is also infected.
	

3.      If you have MS-DOS 5.0 or higher

 	Get to the DOS directory on the hard drive.

 	Type FDISK /MBR and press Enter.

 	Turn off your computer

 	Reboot you computer normally , the Michelangelo virus should be gone.

Note:  Since the only way this hard drive could be infected with the
       Michelangelo virus was through an infected diskette.  You must
       scan all your diskettes for the Michelangelo virus.

If Floppy Diskette is Infected with the Michelangelo Virus:

Make sure you do not try to reboot with this diskette, if you do, you will
infect your hard drive.

If Norton AntiVirus does not repair this virus it's because either you do
not have Norton Antivirus 2.1 or higher and or you do not have the latest
definitions file for your version of Norton AntiVirus.  If this is the case
you can always reformat you diskette that is infected with the Michelangelo
virus.

Note:  It is always wise to have the latest version of NAV and the latest
       definitions for your version.  There are different viruses that might
       act like Michelangelo, but are not.

Because of this, using the FDISK/MBR switch on a non Michelangelo virus
might cause more damage than expected.






Virus Library Description Information

Virus Information:

Virus Names and Aliases:  The most common names by which the virus is known.
Infects: Defines where the virus attacks or infects
         (Boot Records or File Infector).
Likelihood: Options are: Common and Rare.
Length: Length, in bytes, of the virus code.

Characteristics:
Memory Resident: Stays in memory after it activates.
Size Stealth: Tries to conceal itself from detection by disguising its size.
Full Stealth: Tries to conceal itself from detection by disguising its size
              and attributes.
Triggered Event: Performs some action based on certain criteria
          (for example a date on the computer's system clock).
Encrypting: Encrypts its code to make detection more difficult.
Polymorphic: Appears differently in each infected file.

Virus Name:   Michelangelo
Aliases:      Stoned.Michelangelo
Infects:      Floppy and Master Boot Records
Likelihood:   Common
Length:       512 bytes
Characteristics
Memory Resident
Yes
Triggered Event
Yes

Size Stealth
No
Encrypting
No

Full Stealth
No
Polymorphic
No


Comments:  If an infected system is booted on March 6th, the virus overwrites
the hard disk with information from memory.





