%%File: VIRS0359.TXT
%%Name/Aliases: EXEBUG, EXEBUG1, EXEBUG2, EXEBUG3, exe_bug
%%Platform: PC/MS-DOS
%%Type: Boot sector., 
%%Disk Location: Floppy disk boot sector., Hard disk partition table.
%%Features: Memory resident; TSR above TOM., Stealth
%%Damage: Corrupts hard disk partition table
%%Size: 512 bytes
%%See Also: 
%%Notes: One report said that it overwrites random sectors in March.  On 
some systems, it can appear that this virus can survive a cold boot (see 
posting included below).

From a posting in alt.comp.virus, 2/95:
"Exebug is a memory resident infector of floppy diskette boot sectors 
and hard disk master boot records.  The original boot sectors will be 
stored in encrypted form elsewhere on the disk, depending on the disk 
type.  And the disk boot sector will now be replaced by the viral boot 
sector which will not be a legal MBR!  It is a very complicated virus. 
If you are infected with Exebug, all attempts to read the boot sector 
will be redirected to the correct version of the boot sector.  As a 
result, your system will seem to be unaffected.  The only way to detect 
the virus when infected is by its memory signature.

Exebug steals 1K of memory from the 640K mark. Thus infected systems 
will show 1K less memory available than normal.  The virus will alter 
the CMOS configuration of the system to report that there is no A: 
drive. On some systems, this alteration causes the system to always boot 
first from the C: drive.  Thus, on those systems, the virus will get 
into memory first. The virus, understanding that a user just attempted 
to reboot, will then simulate the booting process from A: but it will 
already be in memory.

Apart from these technical complications, the virus does not 
intentionally damage the computer.  Sector 7 of the hard disk boot track 
or a sector on track 0 of floppies is used to store the original boot 
sector. Thus, it might overwrite information."