Sophos

CMOS4

Aliases
  • AntiEXE
  • D3.

Summary

 
Detected by All Sophos products

More Information

CMOS4 is a boot sector virus with simple stealth. It intercepts all INT 13 reads and, if a sector starts with 4D5A 4000 8837 010F, it corrupts the next byte into a random value.

CMOS4 does not touch CMOS or the partition table. It infects the master boot sector of hard disks and the boot sector of floppy disks. Its stealth consists of hiding the real boot sectors.

There is a 3 in 256 chance of the virus triggering for each data read.

When triggered, CMOS4 examines the data being read to see if it is the start of an EXE file. If it is, and certain conditions regarding the size and nature of that program are met, the virus corrupts the data. A corrupted EXE file would not execute and would not copy cleanly. However, to our knowledge, a program meeting the conditions has never been found, so the payload is for practical purposes harmless.
