[ut.general] PC Virus Outbreak

rwh@me.utoronto.ca (Russell Herman) (11/24/89)

The 'STONED' virus has infected 2 PCs in the satellite room here in
Mechanical Engineering.  It will eventually reformat your hard drive
if undetected.

McAfee's "SCAN" programs will detect its presence, and there is a set of
disinfectants available called "MD".  If you have something to read the boot
sector you can look for the "LEGALIZE MARIJUANA" message in the boot
sector of any disk you suspect.  If you cannot disinfect, a low-level
format of the hard disk is required.

---=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=---
Russ Herman     | Internet: rwh@me.utoronto.ca	| University of Toronto
Comp. Sys. Mgr.	| UUCP:     uunet!utai!me!rwh	| Dept. of Mech. Eng.
(416)978-4987	|				| 5 King's College Rd.
(416)978-7753fax|				| Toronto, ON M5S 1A4 Canada
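
The boot-sector check suggested in the post above, as an added example that is not part of the original thread: it reads the first 512-byte sector of a disk image and looks for the message text. Accepting both the S and Z spellings and any letter case is an assumption added here, and the sample sectors and the offset 0x100 are constructed for the demonstration.

```python
import re
import sys

SECTOR_SIZE = 512
# Message text named in the post. Tolerating S/Z, case and spacing
# differences is an assumption of this example, not a fact from the thread.
MARKER = re.compile(rb"LEGALI[SZ]E\s+MARIJUANA", re.IGNORECASE)


def check_boot_sector(sector: bytes) -> dict:
    """Inspect one boot sector and report whether the message is present."""
    if len(sector) < SECTOR_SIZE:
        # A short read means the image is truncated or the device errored;
        # reporting "clean" on partial data would be misleading.
        raise ValueError(f"short read: {len(sector)} of {SECTOR_SIZE} bytes")
    sector = sector[:SECTOR_SIZE]
    match = MARKER.search(sector)
    return {
        # 55 AA in the last two bytes marks a bootable sector on PC disks.
        "boot_signature_ok": sector[510:512] == b"\x55\xaa",
        "marker_found": match is not None,
        "marker_offset": match.start() if match else None,
        "marker_text": match.group().decode("ascii") if match else None,
    }


def scan_image(path: str) -> dict:
    """Check sector 0 of a floppy or hard-disk image file."""
    with open(path, "rb") as f:
        return check_boot_sector(f.read(SECTOR_SIZE))


def constructed_sector(text: bytes = b"") -> bytes:
    """Constructed sample: zero-filled sector, optional text at 0x100."""
    buf = bytearray(SECTOR_SIZE)
    buf[0x100:0x100 + len(text)] = text
    buf[510:512] = b"\x55\xaa"
    return bytes(buf)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            print(path, scan_image(path))
    else:
        print("clean  :", check_boot_sector(constructed_sector()))
        print("suspect:", check_boot_sector(constructed_sector(b"legalise marijuana")))
```

A hit only says the text is present in sector 0; a miss does not clear the disk, since the check covers nothing beyond that one sector.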

debudapg@gpu.utcs.utoronto.ca (Peter de Buda) (12/05/89)

In article <89Nov23.171846est.19490@me.utoronto.ca> rwh@me.utoronto.ca (Russell Herman) writes:
>The 'STONED' virus has infected 2 PCs in the satellite room here in
>Mechanical Engineering.  It will eventually reformat your hard drive
>if undetected.
>
>McAfee's "SCAN" programs will detect its presence, and there is a set of
>disinfectants available called "MD".  If you have something to read the boot
>sector you can look for the "LEGALIZE MARIJUANA" message in the boot
>sector of any disk you suspect.  If you cannot disinfect, a low-level
>format of the hard disk is required.
>
>---=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=---
>Russ Herman     | Internet: rwh@me.utoronto.ca	| University of Toronto
>Comp. Sys. Mgr.	| UUCP:     uunet!utai!me!rwh	| Dept. of Mech. Eng.
>(416)978-4987	|				| 5 King's College Rd.
>(416)978-7753fax|				| Toronto, ON M5S 1A4 Canada
>
>
>


The above-mentioned virus has hit PC/compatibles in the
chemical engineering department (December 4, 1989).

I have no hard evidence, but at this time, I would be
wary of the CCIE network in general, and of the
MATLAB program in particular.

Peter de Buda      Internet: debudapg@gpu.utcs.utoronto.ca
Dept. Chemical Engineering
   and Applied Chemistry
(416)978-5100

sun@me.utoronto.ca (Andy Sun Anu-guest) (12/08/89)

In article <1989Dec4.195246.8850@gpu.utcs.utoronto.ca> debudapg@gpu.utcs.utoronto.ca (Peter de Buda) writes:
>In article <89Nov23.171846est.19490@me.utoronto.ca> rwh@me.utoronto.ca (Russell Herman) writes:
>>The 'STONED' virus has infected 2 PCs in the satellite room here in
>>Mechanical Engineering.  It will eventually reformat your hard drive
>>if undetected.
>>
>>McAfee's "SCAN" programs will detect its presence, and there is a set of
>>disinfectants available called "MD".  If you have something to read the boot
>>sector you can look for the "LEGALIZE MARIJUANA" message in the boot
>>sector of any disk you suspect.  If you cannot disinfect, a low-level
>>format of the hard disk is required.
>>
>>---=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=---
>>Russ Herman     | Internet: rwh@me.utoronto.ca	| University of Toronto
>>Comp. Sys. Mgr.	| UUCP:     uunet!utai!me!rwh	| Dept. of Mech. Eng.
>>(416)978-4987	|				| 5 King's College Rd.
>>(416)978-7753fax|				| Toronto, ON M5S 1A4 Canada
>>
>>
>>
>
>
>The above-mentioned virus has hit PC/compatibles in the
>chemical engineering department (December 4, 1989).
>
>I have no hard evidence, but at this time, I would be
>wary of the CCIE network in general, and of the
>MATLAB program in particular.
>

The three IBM Token-Rings of CCIE are read-only. Strictly speaking, they cannot
be infected. We have a PC-network in the Mechanical Satellite Room and it
was not infected since we've set both hard disks to read-only. Only the
two stand-alone machines with an HD in them were infected. I would worry
about the 8 PS/2 Model 50Zs in MC404A instead of the network servers. And
I don't see any logical reason why 'MATLAB program in particular'.

There is another program, apparently coming from McAfee Associates also,
called SENTRY, which will perform a fast scan on HDs upon boot up. It took
approximately 15-20 seconds to scan through a 30 MB hard disk (of course
that doesn't tell you much since it depends on the number of .COM and .EXE
files in your HD). You can ftp it from SIMTEL20 and it is shareware.

>Peter de Buda      Internet: debudapg@gpu.utcs.utoronto.ca
>Dept. Chemical Engineering
>   and Applied Chemistry
>(416)978-5100

Andy
-- 

_______________________________________________________________________________
Andy Sun                        | Internet: sun@me.utoronto.ca
University of Toronto, Canada   | UUCP    : csri.toronto.edu!me.utoronto.ca!sun
Dept. of Mechanical Engineering | BITNET  : sun@me.utoronto.BITNET

debudapg@gpu.utcs.utoronto.ca (Peter de Buda) (12/09/89)

In article <1989Dec7.201636.10400@me.toronto.edu> sun@me.utoronto.ca (Andy Sun Anu-guest) writes:
>In article <1989Dec4.195246.8850@gpu.utcs.utoronto.ca> debudapg@gpu.utcs.utoronto.ca (Peter de Buda) writes:
>>In article <89Nov23.171846est.19490@me.utoronto.ca> rwh@me.utoronto.ca (Russell Herman) writes:
>>>The 'STONED' virus has infected 2 PCs in the satellite room here in
>>>Mechanical Engineering.  It will eventually reformat your hard drive
>>>if undetected.
>>>
etc.
>>
>>The above-mentioned virus has hit PC/compatibles in the
>>chemical engineering department (December 4, 1989).
>>
>>I have no hard evidence, but at this time, I would be
>>wary of the CCIE network in general, and of the
>>MATLAB program in particular.
>>
>
>The three IBM Token-Rings of CCIE are read-only. Strictly speaking, they cannot
>be infected. We have a PC-network in the Mechanical Satellite Room and it
>was not infected since we've set both hard disks to read-only. Only the
>two stand-alone machines with an HD in them were infected. I would worry
>about the 8 PS/2 Model 50Zs in MC404A instead of the network servers. And
>I don't see any logical reason why 'MATLAB program in particular'.
>
etc.

I apologize.

According to what I learned since I wrote my previous message,
the STONED virus can spread from floppy disk to hard disk, and
from hard disk to floppy disk (although I still do not understand
in what circumstances it does so).  Therefore, I agree that there
is >> NO << logical reason to suspect the MATLAB program in particular.

I accept the assurances of Andy Sun Anu-guest that the CCIE hard
disks are not infected.

One statement I do not retract.  The STONED virus is spreading.

Peter de Buda           debudapg@gpu.utcs.utoronto.ca
Dept. Chemical Engineering
   and Applied Chemistry
978-5100