%%File: VIRS0490.TXT
%%Name/Aliases: Jumper, French Boot, Sillybob, Neuville, Touche, EE, 
2KB, Viresc, Jumper B
%%Platform: PC/MS-DOS
%%Type: Boot sector., 
%%Disk Location: Hard disk partition table., Floppy disk boot sector.
%%Features: Memory resident; TSR.
%%Damage: Display s message on boot-up.
%%Size: Recudes memory by 2 kbyte and uses that for itself.
%%See Also: 
%%Notes: Jumper infects diskette boot sectors and hard disk MBRs .
 It infects the hard disk only if the user tries to boot from an 
infected floppy.
 Most, but not all floppies used in  the computer are then infected.
 
The virus sometimes hangs the machine at boot.

This virus intercepts Int 21h and Int 1Ch. It uses Int 1Ch, which is the 
system Timer Tick , to activate its triggering routine. Every time the 
timer ticks, the virus compare the 2nd lowest byte of the timer  in BDA 
area with offset 01C6h in boot sector. As soon as the value in timer 
exceeds the value at the boot sector, the virus hooks Int 21h. Two sub-
functions of Int 21h are employed for infection drives A and B. The sub-
function 0Eh will be used to infect drive A or B immediately. The  sub-
function 0Ah will be used along the clock time tests for infecting the 
drives A and B. Sometime, on booting, the virus locks the machine by 
repeatedly displaying 'e '. All these activities are closely tied to the 
clock count in BDA, since the count change 18 times in 1 second, the 
activities are sparse and almost random.

Removal of the virus should be done under clean system condition and  
using the FDISK/MBR command. 

For more info., see the VIRUS BULLETIN  April 1995 issue.