ssreefc@techunix.BITNET (florin coter) (01/18/89)
hello world,
The following happened in one ibmPC inside the institute and in one
ibmPC at a staff member's home. Here it is the story:
Durring editing some file ( or running a program at the othe machine )
a snow ball like "something appeared on the screen. The "ball" started to
move across the screen bouncing from some imaginary borders AND from some words
or letters. Exiting the current task or switching between text and graphic modes
did not cure the "ball". In both modes the shape of the ball was the same and
was nothing like any character from ibm extended character set. Turning the
machine off and on cured the "ball". Unfortunetely, only for a short period of t
ime.
On both machines there are some antivirus programs. none of them
signaled "infestation".
Any commenT ? help? advice ?
Since this is new we have no statistics, yet.
Thanx, florin.
--------
Florin Coter
Home address: 40/37 Leon Blum St., Haifa, Israel.
Home phone: 04-386133.
Office address: Solid State Institute, Technion, Haifa 3200, Israel.
Office phone: 04-293938/293613/293615.dhesi@bsu-cs.UUCP (Rahul Dhesi) (01/19/89)
In article <7259@techunix.BITNET> ssreefc@techunix.BITNET (florin coter) writes:
The "ball" started to move across the screen bouncing from some
imaginary borders AND from some words or letters. Exiting the
current task or switching between text and graphic modes did not
cure the "ball".
This is almost certainly a problem in your monitor. I suspect a bad
power supply.
--
Rahul Dhesi UUCP: <backbones>!{iuvax,pur-ee}!bsu-cs!dhesidean@violet.berkeley.edu (Dean Pentcheff) (01/19/89)
In article <7259@techunix.BITNET> ssreefc@techunix.BITNET (florin coter) writes: > The following happened in one ibmPC inside the institute and in one >ibmPC at a staff member's home. Here it is the story: > Durring editing some file ( or running a program at the othe machine ) >a snow ball like "something appeared on the screen. The "ball" started to >move across the screen bouncing from some imaginary borders AND from some words >or letters.... .... > On both machines there are some antivirus programs. none of them >signaled "infestation". About a year ago there was a PC virus, released in Israel, designed to trigger on Friday the 13 (any Friday the 13th). This "new" virus may be the same old one reappearing now that we've just passed another Friday 13th. I seem to recall that the last virus was discovered at Technion, so you may try calling the computer center or some programmers to find out. I think the last virus was designed to destroy data files, so I'd advise you to stop using the computers in question until you are sure you've eradicated this beast. Good luck. Not a very convincing demonstration of "anti-viral" programs, eh? -Dean Dean Pentcheff dean@violet.berkeley.edu ---------------------------------------------- As an adolescent I aspired to lasting fame, I craved factual certainty, and I thirsted for a meaningful vision of human life - so I became a scientist. This is like becoming an archbishop so you can meet girls. M. Cartmill
pitchfor@unsvax.UUCP (Donald "Lazarus" Pitchford) (01/22/89)
Sounds like FACE.COM (c) 1984 Bitwave Technologies to me. A completely
harmless shareware-type program. Here, I'll include it in uuencoded format
after this formfeed. if you don't want it, hit 'n' now.
begin 600 face.arc
M&@A&04-%+D-/30!>7EY>1@P``"$```"!%X`0```,^](-(0#@#P!(!O[].V@`
MQ`$!!`X,$"``@$4`#B%*I-@$0`",#P4$F"C`"8"*&0T((/D$P`"0*P>09`*`
M8,8"!$AV+``RP(0")$T:@)G``$L`!WH6V"B`)@*8%UQR!)"@IX21%$TJ@#EE
M)<6+,(7(_'K188"!),&:-0"4K$6S1XRZA3F$J=J'5Z16+'O`7Q"L>]_V'>(U
M,$P)8PV;79!S;D8I;14_)"!7<H`K=OD&H*#WKH`)@.\&>)B6KP`*B457:&R9
M0&3/<4L+#F`D\VP+G36+E`VS0F'/1E)K#L#:LX77I@]4%GW!=D\A>CM"@*D`
ML,D(,!T4;BD!YH+$-"?`;,"Z(V>S&R*;K$"T<DO<9ALPI1DUXX?H`##TU&#=
M]);?IBDAW&Q+%*>9`\C-]L1RIBWA7$9?Y":8/TF$QI<_2P`HF``:#-@38[QE
MI$6",#'`X&Q?/'A``!Q("-,&%L[V@(8P<>"A61T8.!L#)&:T8(@K.J%B`!ZX
M:%9U0`K0`8T9.7'CB@GH"),'/3[TP(D]?3"D$IU!4AT`"GVDD$4*C0GF/V*B
M>=%''WE$@`!)&4`0<0,DA9-%!!`$T4M+!1"``7_V4,<==8`%`"[:#``%*`4$
M($H1!6#1S!_#X))%!(N`,P,PC@"#RZ&Z)&J"(AY`0``@X\``R#XPU)'`I[#H
MHLL`Z$@1P"@X%)"(!3H48(^<`?Q#QP#I@(;.&0M\"D"GI#9Z"P#1C!.M"8L<
M4`@P=="`BQT*F)#(`8P@8P(C3PBP"QP`4'O`*#040.T1`HQB0P'ZX*+#`MZ"
M*VXB\.Z#C@,`;#HK`\V<@`Y!FS83@B^`!)P,*SP(,(<#N+R$SA;_T)*`+@00
M',(P,I`#,0ATY,,##')4P$,.=T3``@P")"-`,#'7C`P@S02P#CB*@`,-.X"0
M`P(@]/PC`C$\_$`'%SP,0<<9/"!!!Q4\1$&'!H2T0P<"BH0#2P#H,/!/I187
MD/'&'2M<Z4?HW.//ILQ2&<"ST4Z[2+GZY.LMO.<"X($CV832;KZAS+NW`!_L
M,XPN&C"@L<*T'*`P#P/0<8`NGCCP^,?,=,X,+A6-XD``N7@4A2\<@#V#`(,8
MPP`Z+0A0.@3B^).%..LPDW`(D!SD.S.0(!`%%+E$`8`O$`30.@.+$&%`Y/8$
M$\"P@!"#0"+.XXY%%L-,L0@VH<!00#2:&B!#`:.('\KYT:`S@P'BCW)^^`4L
MLHPN%MT3SR+";#',\*!X!P$(@:T'D",,-!"`.<)0N@#4+H$+W-XP!L$#*/!A
M`(-@`10H"(`^8)``&^2#`#+`!P(,@@TC'(0(.VA"(HRP4E``P#W(L!("D&\1
M^)!"('R0JT/5P0.+X%4!V($*!-2A`JB8W@*(.#T#%+$."%A'/?1!Q`3081^C
M*L`^M,`#DCV`!P"@PP(B9@<!Y&,8HG`'`<Z(CV%`(0I2N`(N8CC#&MX0'SOL
M(2Y^&,1>$=&(2%0B$^G@1"-&<8I5O"*UM+@#Y]4!!HM@`@'RR),]`E&(?SQB
M$L4XR$)"48I41(45L9B(!NP#'^L(0#Z^H(4L8.%_PA(`.@CQCSE<P!@&4",`
M<I$!`$3A'TR09;#0`8=_9&$.`A!'/![A0NYUA0@(*$%2R$>^7<`C)]BH%G$6
M`:\`N!`=U_"'_WJW"&\,8AT,",0^DO<'!N""`3(TP>@*D+SOK0,"2?G327#R
MDA4-0"4#6`0!5G"`6#0Q%@"0@P!B(8![H&,1T&B>`%8`KUI4S@"U2*@`:F$`
M*3A4"P.`A@":(8-V+"(;BCC$&1"`"&@NP@$'`T0X*M>!0>C#`W?`0$EM.H`[
M#``0P0@H2@\!!P0(`)HD.$!+$3`,?S!!`8H@@@((Z(<`#".J"VBI`D*1JT[M
MPB*(\(`:0W$P5#R`#D5`!0'H(`%<#`4=W>@'"R:"5*5"<QT-("L!BDA(=-S@
M'^F8!0#T2H+*;8!R=3"?`=1!@,+Z`QG0`,=CCXJ`I"XU'9$`P-?0T0Y_H&,`
M_AC$-*`U#E@4`!V2A04`T+$-S\:C'Z(E+2P(@`YG^`,6!T!',CS[#=B.%A:T
M\H4_?H$!7T%S>@/X!00*4+'5<J$?!*Q#!'!!D%KU@YK@()]R@8(/102`LI:%
MI@Z(8$5WRF"U,NC'M>C`@'5L`!=X6*T)U(NMZ5J,`_UHP4?`:U>N<0$!,OA'
M2K>1@)8N8!T(F,AW%2S+$=QVM4/P;!;Z,8<'S!8=.?!'5*/4V/[.488T'(`-
MP?$]2OKPDGY\8B`YN4E/'C*4HU37/K!'@$@:P,26[.,05;S));;XB2].)"D?
ML(^HLI2\OU*CL&@E"7ZX<0IPM(('#%`%!WP`"EPM0*>PL`AV@)&M/)B>!2)&
MAQ%0C@XKX,%:8;".'6Q*=#JC0>\408R0]<!X<A@`+HP'.P"L0P2A&%W/9`",
M1!C!`>NP0*`#T#-_$&,=VEATSPA!#CH0P!_,6$<SNG"`#WBAE5O`PC-V8(#1
MT0$*<HC!(I"Q`@>,SA?P7/0]S!$(8Z0N"N4<Q#`8<(PC$`0`6$7$$;)Z!`7\
MH]0!6,0\;C>.=73@I:-;`3+@#&L9FH.>R89'%):'CFGPXW;V&(8+_F&#>8W;
M!NWBQ)2A`&4I6.$*50B7(["Q#[@!PP2AN``!2'TP.D``RP<;!6.Q,(J#O9D=
M!#@VP@?A`X0C0`Y&T&O0@`$(?F`+`@$D``W^(0H!'IP`ZR!![^Q!#$"($;CH
MV$0^E#4*A.N5Y$`X.6T1L7*+M)P`+[=>'6S0Y448P02C0$``>@``>-1!`CY'
MP2@`U8,BP$,.!^A!$/!Q!P&LXP+0#D`ADF&'!R!/>:Z+@A70\0U^>.%V].C"
M%SZ=A5!WNA/+`$`5YE`&$!@A"$,H`@A^``(0F.$-<@`!&LK`!CBX@`0-4(`"
MD/"&.Y#L#2"8`QW"(`<ZZ"#Q?;][WD%0`Q!`X@!-",,:ZFZ&--BA[G-H0QK8
M4(8\^#T,8RC#'#!O=[SKO08P\+P!0C]ZOZ?!#'1PO1E@+_L0T%[S>L_]YX]0
M!CJ`0`YI(`,(WF`&D@W^];&?@]\!#P(W-![SD'A`%MY0!Q",(0QN`$$8V#`'
MR->![M:O>Q*<,`7UNT'Z0P@"NYGPA"$L`00``0*[F?"$(2P!!`!KRN29`X+.
MFP8*0$!Z$(8,&1`F0,@IT^:-G3(@S(094V:."X0(A[QQ0T?.&S8%T6#4R'&.
M#H0@0#`I8H3*%"1):L:,.22-G#%L,,I)<P8-'84'I"0Y@L0F3IT\?0+%&-0,
M'9@@@C"AHE`!DCH.@RIL,(2*%"8*$RA)0X=.&3EBZIS!JI7*BILYN>X\,K',
M&A!LTKC!2":,&XX[ZZX0\H0*$A!X:TZ)^0.DUY,/Z:B<@S'@0!!DWMQQD_&-
M'!!AC@8-,^?H$R=%(!<9\II(Z=-ES)@I,X;.RX0@DCB9#$E!$(<@*D[,N+'C
M3IY!H$QA\F3(DN<@C)2Y\Y9Y2ZS"IZP8$GUZ]>M4ZL@A/?+%&]T@W+Q)PQFA
M`A10)LXA:#@/",\%O0'"&"/1(5@=9:2@4`@DV-<")`;P]`8<>0Q5U%$HC*%@
M##G@0`,+(`C!UAUA7`0"%;RA(1\;;YSAWX,&V*==&2B9T5>``T[HGVF@T5=2
M&G&YE1)](,!ATAERA-'&;46^-<=(8:!41WT*&&E1&F24\5`>;]0A41ETA"'8
MD`012*&%1L7WAH$<N1"3$VLRJ5^497RD`!1OM4'?'&F,A",<;[0&@I]"U,%&
M4`:2)L0;8<CQT!0#N=4&04@:YA89=B9A!@A<>CDE1H8]5(8;:KSAGV9$6EEI
M&R#"L1IG('#FQI9=GA8##*"=Q$:C"'TJ1PMSU`$'H'(<12!)0P79)VD&_?:<
MB'20:"**8ZAX4HMY8!73%'6PA=$,,,"@+0A/#"93&KN.`8)(ZET%'$]*BC$4
M&6>4`6(30<0$@PPQT!`#0E2@0>0=Z*(TT1D^=M<I:OR!X"N(H7+:)0@$'PJ"
M&!C!4<=1(R%4:W)B!N;&&8#YR*1\!IJ1QABI+3OHIFNJ=)H9=9"F:I*3VDF"
M$(W*X=\4<(S*D1PG$"32867`8>!(("Z1!APA^FQ8T2"4@8=;;O`YD@M61.&+
M)P[DDH0`NP```"YFLS+`,+LH`,`]X\A`S"+8B"//*`H$D(47PP``"11N4&TU
7UEJ[P;778(M-MMEH`Z`VVV[#+?<B&@!`
`
endastieber@csd4.milw.wisc.edu (Anthony J Stieber) (01/22/89)
In article <5377@bsu-cs.UUCP> dhesi@bsu-cs.UUCP (Rahul Dhesi) writes: >In article <7259@techunix.BITNET> ssreefc@techunix.BITNET (florin coter) writes: > The "ball" started to move across the screen bouncing from some > imaginary borders AND from some words or letters. Exiting the > current task or switching between text and graphic modes did not > cure the "ball". > >This is almost certainly a problem in your monitor. I suspect a bad >power supply. This could be a virus. I have a program that moves the smiling face character about the screen. The processing for this is done in the background. Making this into a non-malicious virus would be very easy. From the description the 'ball' does not seem to be a random voltage variation but a logically moving character. If anyone wants this program I can mail or post it (no source :-( -- Tony Stieber astieber@csd4.milw.wisc.edu
oferf@shum.huji.AC.IL (ofer faigon) (01/26/89)
What you describe is indeed a virus. We have it here at our university. I don't know much about it except that it attaches itself to the boot record of the boot disk, so it is very hard to get rid of it or to detect it. You better boot from an original diskette (write-protect it, just in case) and re-transfer the system to your boot disk with the SYS command. - Ofer Faigon TEL: +972-2-669-834 MAIL: P.O.B 7347, Jerusalem 91072, ISRAEL BITNET: oferf@HUJINIX CSNET & INTERNET: oferf@shum.huji.ac.il