rzh@lll-lcc.UUCP (Roger Hanscom) (09/20/89)
In <412@castle.ed.ac.uk> erck12@castle.ed.ac.uk (Gnome) writes: >In article <0000@starsend.UUPC> floyd@starsend.UUCP writes: >-An article in the September 11th issue of Info-World warns of a DOS virus >-which is supposed to be triggered on Oct. 12 and destroy hard disk track 0. >-It is has been called, "Datacrime 89", A.K.A "The Columbus Day Virus", >-A.K.A. "The Icelandic Virus." > > Could someone post to tell the world how to detect this virus. I think >there is considerable interest! > >-- > > Geoff Ballinger, JANET: Geoff@Ed.Ac.Uk > CS/AI, ARPA: Geoff%Uk.Ac.Ed@nsfnet-relay.Ac.Uk > Edinburgh University. UUCP: ...!uunet!mcvax!ukc!Ed.Ac.Uk!Geoff I have no direct knowledge of this virus, but I can pass along some comments that were made by my employer about it. It apparently attaches to any .COM file *except* COMMAND.COM. To detect it, compare the size of .COM files on your system to those on the distribution diskettes. An infected .COM should be 1168 or 1280 bytes larger. Obviously, all .COM files should be examined in order to completely eradicate it, including those on backups. That should keep those of you with high capacity hard disks busy until at least Columbus Day. 1/2 @:^) roger rzh@lll-lcc.llnl.gov
plim@hpsgpa.HP.COM (Peter Lim) (09/26/89)
> > I have no direct knowledge of this virus, but I can pass along some comments > that were made by my employer about it. It apparently attaches to any .COM > file *except* COMMAND.COM. To detect it, compare the size of .COM files on > your system to those on the distribution diskettes. An infected .COM should > be 1168 or 1280 bytes larger. Obviously, all .COM files should be examined > in order to completely eradicate it, including those on backups. That should > keep those of you with high capacity hard disks busy until at least Columbus > Day. 1/2 @:^) > roger rzh@lll-lcc.llnl.gov > ---------- > I think I have just met this virus a few weeks ago. I was going around testing 80386 machines and forgot to write-protect my test diskette. We thought it was a Singapore breed, may be not now........ Well, the darn thing I saw infect not only .COM files, but also .EXE files. And yes, it makes the infected file bigger by about 1k EVERY time you run it. So the file just get bigger and bigger. And as far as I can recollect, it doesn't affect COMMAND.COM. By the time we canned the virus, all it did was gobble up disk space. I am not exactly sure whether it is the same virus. But the one I saw caused xcopy and windows to fail (that's when we first suspected a virus infection). To check it out, run Norton's Utilities etc. on infected files and see if you can find the word COMMAND.COM in the file somewhere. Let me know what you find by e-mail. Regards, Peter Lim. HP Singapore IC Design Center. e-mail: hplabs!hp-pcd!hpsgwg!plim.