%%File: VIRS0609.TXT
%%Name/Aliases: Parity 2, Parity Boot, Parity_Boot.A and Parity_Boot.B  
%%Platform: PC/MS-DOS
%%Type: Boot sector., 
%%Disk Location: Floppy disk boot sector., Hard disk partition table.
%%Features: Memory resident; TSR., Stealth; actively hides from 
detection.
%%Damage: Display message 'PARITY CHECK' and Halts the computer, 
Performs soft reboot and warm reboot.
%%Size: Overlays boot sector, no increase, Reduces DOS memory by 1 kbyte
%%See Also: Parity
%%Notes: 
A memory resident boot virus that infects floppy disk boot records and 
hard disk partition tables.                      
The Virus uses stealth techniques to hide.
 Stealth techniques preclude disk  scan when virus is in memory.                  
It may display the message PARITY CHECK and then hang the computer.
v6-149: "...Germany is full of it. Not because it is stealth or survives 
warm reboot (which it is and does), no - because some large warehouse 
has distributed it on the computers they sold...."

Updated information:
Parity_Boot.A  and Parity_Boot.B are two similar Boot Sector viruses. 
The only  difference is that 'A' version stores a copy of the original 
Master Boot Sector in Sector 14, Side 0, Cylinder 0 of the hard disk. 
While the 'B' version uses Sector 9, Side 0, Cylinder 0. This difference 
is important for disinfection purposes.

A hard disk is infected upon booting from an infected floppy disk. The 
virus examines the MBS to determine whether the disk is infected or 
clean. If the offset 01BCh has a value of C9h, then the hard disk is 
infected. If the test fails, then the virus starts the infection 
process. It stores parts of the 24-hour timer for later use. And it 
stores the address of the current Int 13h handler and reduces DOS memory 
by  1 kbyte, which is used for the virus code. Then, it hooks Int 13h 
and Int 09h. Finally, It executes a soft reboot using the Int 19h  
function. The reboot will use the virus' Int 13 h and Int 09h functions 
which loads the original boot sector into memory and gives it control. 

The virus' payload is activated by  Int 09h. Whenever Int 09h is called 
and the clock count byte stored  at booting is less than the current 
time value, the payload will be delivered. It consists of displaying the 
message 'PARITY CHECK' and the processor is halted with HLT instruction, 
and the only way out of the situation is to turn the machine off! Also, 
when Ctrl_Alt_Del keys are pressed, then the virus simulates a memory 
parity error, executing a warm reboot.