Ontario.2048 is a computer virus, discovered in September 1992. It is the third and final known variant of the Ontario family, both chronologically and in complexity. Because of its rather extreme differences from the original virus, some vendors identify it as a member of a separate family - hence the alias Bootache.2048.
When the DOS DEBUG program is in memory, Ontario.2048 will detect it and disinfect programs in memory to avoid being analysed. Ontario.2048 also features an extremely complex encryption system; a given sample of Ontario.2048 may only share two bytes in common with another.
The first three symptoms are good indications that a virus is present, but are not necessarily specific to Ontario.1024.
Ontario.2048 also contains text, which is invisible because Ontario.2048 is encrypted. The following text strings are present:
The first line is a reference to the method used to find COMMAND.COM to infect, as well as file types that the virus infects. The second line refers to the version of MSDOS that Ontario.2048 was written on. The third is a reference to the Youngsters Against McAfee virus group, which the author had joined by this point.
A number of descriptions note multipartite function in Ontario.2048. This is incorrect. Ontario.2048 does contain a boot sector within it with a boot virus. If inserted into the boot sector, it would be a functioning boot virus (although it would not spread the file infection portion of Ontario.2048). However, Ontario.2048 never performs the injection; the code is functionally useless. Based on the virus author's documentation for the virus , this appears to be intentional (reasons unknown).
Like all DOS file infectors, the advent of Windows significantly hindered the spread of Ontario.2048. Trend Micro statistics report only two infections since November 6, 2006 , which indicates that the virus is now obsolete.