CMOS4

Please read the instructions for disinfecting master boot record viruses that store the boot sector.

CMOS4 is a boot sector virus with simple stealth which intercepts all INT 13 reads and if a sector starts with 4D5A 4000 8837 010F it corrupts the next byte into a random value.

CMOS4 does not touch CMOS or the partition table. It infects the master boot sector of hard disks and the boot sector of floppy disks. Its stealth consists of hiding the real boot sectors.

There is a 3 in 256 chance of the virus triggering for each data read.

When triggered CMOS4 examines the data being read to see if it is the start of an EXE file. If it is, and certain conditions regarding the size and nature of that program are met, the virus corrupts the data. A corrupted EXE file would not execute and would not copy cleanly. However, to our knowledge, a program meeting the conditions has never been found, so the payload is for practical purposes harmless.