[comp.virus] Is This A Virus?

CHESS@YKTVMV.BITNET (David M. Chess) (09/01/89)

>                                        ...if I answer "r" to the
> message and putting a non-protected diskette, then the FAT and
> DIRECTORY of the protected diskette is transferred to the second non
> protected diskette (and the files that I copied to).

DOS has always done this, I think.  I believe some versions of the
documentation Strongly Warn against switching diskettes during the
"Abort, Retry..." message.  I realize that may not be much
consolation!  But it's not a virus, at least...

DC

87303012@KRSNUCC1.BITNET (09/01/89)

HI, there.

I'm a college student studying physics.  Now I have discovered a
suspicious thing about MS-DOS's behavior in my sense. When I copy some
files to a floppy but I misput a write protected diskette, I find the
error message "retry, ...". At this time, if I answer "r" to the
message and putting a non-protected diskette, then the FAT and
DIRECTORY of the protected diskette is transferred to the second non
protected diskette (and the files that I copied to). Is this a DOS's
bug or a virus?

I look forward to the help from anybody.

Thank you.

Kim, YunKi     <87303012@KRSNUCC1> BITNET
Seoul Nat'l Univ.  Dep. of Physics

JS05STAF@MIAMIU.BITNET (Joe Simpson) (09/02/89)

In response to the question about the FAT from a locked disk being
written to another disk this is a feature of MS-DOS, not a virus.

Another chilling scenario concerns running an application such as a
word processor, opening a document, exchanging data diskettes, and
saving a "backup" of the file.  This often hoses the "backup" disk and
sometimes affects the original file.

shap@sei.cmu.edu (Joseph D. Shapiro) (09/05/89)

In article <0004.8909011255.AA07043@ge.sei.cmu.edu> 87303012@KRSNUCC1.BITNET writes:
>                                                      When I copy some
>files to a floppy but I misput a write protected diskette, I find the
>error message "retry, ...". At this time, if I answer "r" to the
>message and putting a non-protected diskette, then the FAT and
>DIRECTORY of the protected diskette is transferred to the second non
>protected diskette (and the files that I copied to). Is this a DOS's
>bug or a virus?

Neither.  It is normal behavior, given the circumstances.  It is obviously
not what you _want_ to happen, but then again, the proper answer in the
given situation is to _A_bort the operation and start again.
--
__--__--__--__--__--__--__--__--__--__--__--__--__--__--__--__--__--__--__--__
Joe Shapiro					"My other car is a turbo...
ISC-Bunker Ramo     				 ...too."
{decvax,yale,philabs,oliveb}!bunker!shap

PEPRBV%CFAAMP.BITNET@IBM1.CC.Lehigh.Edu (Bob Babcock) (09/05/89)

>When I copy some
>files to a floppy but I misput a write protected diskette, I find the
>error message "retry, ...". At this time, if I answer "r" to the
>message and putting a non-protected diskette, then the FAT and
>DIRECTORY of the protected diskette is transferred to the second non
>protected diskette (and the files that I copied to). Is this a DOS's
>bug or a virus?

This is a known behavior of MS-DOS.  The directory and FAT have
already been read before the write protect error is sensed, and
when you say retry, DOS doesn't know that you have changed disks,
so it doesn't reread the directory info.
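
The stale-metadata behaviour described in the post above, as an added example that is not part of the original thread: a simplified Python model, not DOS code. The `Floppy` and `Drive` classes, the `volume_id` field, the file names and the `verify_on_retry` check are all hypothetical, constructed to show why a retry after a disk swap writes the first disk's FAT and directory, and how comparing a disk identifier before flushing would stop it.

```python
from dataclasses import dataclass, field

class WriteProtectError(Exception):
    """Stands in for the 'Abort, Retry...' prompt."""

@dataclass
class Floppy:
    volume_id: str            # hypothetical per-disk identifier
    write_protected: bool
    fat: dict = field(default_factory=dict)        # cluster -> file name
    directory: list = field(default_factory=list)  # file names

class Drive:
    def __init__(self, verify_on_retry):
        self.verify_on_retry = verify_on_retry
        self.disk = None
        self.cached = None    # metadata held in memory between read and write

    def copy_file(self, name):
        # FAT and directory are read and updated in memory *before* the
        # write is attempted, so they describe the disk present right now.
        fat, directory = dict(self.disk.fat), list(self.disk.directory)
        fat[max(fat, default=1) + 1] = name
        directory.append(name)
        self.cached = (self.disk.volume_id, fat, directory)
        return self.flush()

    def flush(self):
        vol, fat, directory = self.cached
        # Assumed mitigation: refuse if the disk is not the one that was read.
        if self.verify_on_retry and self.disk.volume_id != vol:
            return "disk changed: operation refused"
        if self.disk.write_protected:
            raise WriteProtectError("write protect error")
        self.disk.fat, self.disk.directory = fat, directory
        return "written"

def retry_after_swap(verify_on_retry):
    # Constructed sample disks: A is write protected, B is not.
    a = Floppy("DISK-A", True, {2: "THESIS.DOC"}, ["THESIS.DOC"])
    b = Floppy("DISK-B", False, {2: "GAME.EXE", 3: "GAME.EXE"}, ["GAME.EXE"])
    drive = Drive(verify_on_retry)
    drive.disk = a
    try:
        result = drive.copy_file("NEW.TXT")
    except WriteProtectError:
        drive.disk = b            # user swaps disks, then answers "R"
        result = drive.flush()    # retry reuses the cached metadata
    return result, b.directory
```

Without the check, disk B ends up with disk A's directory and loses its own entry; with it, B is left untouched.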

Christoph.Fischer.RY15@DKAUNI11 (09/22/89)

Hi,
  we just had an inquiry about 4 strange files that appeared on a
Microsoft WORD installation. All 4 files are hidden system and readonly.
The filenames are:
  MWA.      MW.COD    MW.COM    MW.DAT
  256       47296     27902     24442  bytes file length

The file MWA is text and contains:

Copyright   1984 by Microsoft
Word Freedom Fighters:
Richard Brodie
Jabe Blumenthal
Jeff Harbers
Doug Klunder
Bruce Leak
Frank Liang
Carl McConnell
David Palmer
Chris Peters
Jeff Raikes
Tom Reeve
Ken Shapiro
Charles Simonyi
Greg Cox
Pat Th....

File dates showed a 1985 creation date

Has anyone seen this before?????? These guys there have a bunch
of problems, but we couldn't find a virus yet!

Chris and Torsten

*****************************************************************
* Torsten Boerstler and Christoph Fischer and Rainer Stober     *
* Micro-BIT Virus Team / University of Karlsruhe / West-Germany *
* D-7500 Karlsruhe 1, Zirkel 2, Tel.: (0)721-608-4041 or 2067   *
* E-Mail: RY15 at DKAUNI11.BITNET or RY12 at DKAUNI11.BITNET    *
*****************************************************************

huopio@uunet.UU.NET (Kauto Huopio) (09/26/89)

My Taiwanese-origin Comper AT (a 12 MHz-machine with 1 meg of RAM)
ran into trouble last night. My friend was playing Tetris (the
original version), and after that I began to test WordPerfect 4.2. I
looked to some directories and there were some *VERY* odd characters in
the directory listings, blinking high intensity white. Quite often
there was a "smiley face"-character, also blinking high intensity
white. Also, there were some ODD characters just at the beginning of
the next line after the command prompt, when giving a DOS command.
When I edited a small text with WP and tried to save it..the hard disk
light just stayed on and.. I think you can guess the rest. I booted my
AT with a floppy disk and ran DIAGS. To my surprise, the hard disk came
back! This morning I put up the system, and it worked for a couple of
minutes, but died again (Sector not found error on drive C: )

I am running DOS 3.30. Now, I have some questions:

1) What is the right size of DOS 3.30 COMMAND.COM ?

2) Should I do a low-level format with Ontrack Disk Manager 3.2 and try to
   do a clean system.

3) If this is caused by a virus, what is the bogus program ??

All help is welcome!!

--Kauto

PS: Sorry about my poor English..

 ****************** Kauto Huopio (huopio@kannel.lut.fi) **********************
*US Mail: Kauto Huopio, Punkkerikatu 1 A 10, SF-53850 Lappeenranta, Finland *
*Project: Learn some GNU Emacs first.. :-)                                  *
*****************************************************************************

dnewton@uunet.UU.NET (Dave Newton) (09/26/89)

In article <0008.8909251230.AA29228@ge.sei.cmu.edu> Christoph.Fischer.RY15@DKAUNI11 writes:
>Hi,
>  we just had an inquiry about 4 strange files that appeared on a
>Microsoft WORD installation. All 4 files are hidden system and readonly.
>
>The file MWA is text and contains:
>
>Copyright   1984 by Microsoft
>Word Freedom Fighters:
 [names deleted]
>Charles Simonyi

 ^^^^^^^^^^^^^^^ I only recognize this name as being a guy who worked/works
 at Microsoft, he was profiled in the Microsoft Press book _Programmers at
 Work_.

 Plus it's pretty unlikely that Microsoft would copyright a virus.

 Of course, it could just be a ruse...

David L. Newton       |      dnewton@carroll1.UUCP     | Quote courtesy of
(414) 524-7343 (work) |     dnewton@carroll1.cc.edu    | Marie Niechwiadowicz,
(414) 524-6809 (home) | 100 NE Ave, Waukesha, WI 53186 | Boston College.
[Q]: How many surrealists does it take to screw in a light bulb? [A]: The fish.

ousama@compsci.bristol.ac.uk (09/24/90)

Hi there,

A friend of mine has acquired an arcade game for his son, what caught
my eyes are the following:

- when the game starts it displays the message :
    You've got ..K RAM more than ypu need Dude!
- when I tried to reboot the system (warm boot), it displays the message:
    THAT'S ALL DUDES!
  This message stays on the screen until another warm boot is performed.
- XRAY didn't detect any strange activities, and the available anti-virus
  software didn't detect anything.

There is no way to tell if the files sizes are changing, because the disk
is full.

Are these symptoms of a virus (DENZUK variant for instance), or is it
a bad joke from someone who managed to change all the messages on the
disk.

Any help will be appreciated.

Regards,

O. FADEL

------------------------------------------------------------------------------
Research student         | JANET   :  ousama@uk.ac.bris.cs
Computer Science Dept.   | ARPANET :  ousama@cs.bris.ac.uk
Bristol University , UK  | BITNET  :  ousama%uk.ac.bris.cs@ukacrl.bitnet
------------------------------------------------------------------------------

rae@po.CWRU.Edu (Robert A. Essig) (09/25/90)

In a previous VIRUS-L Digest, ousama@compsci.bristol.ac.uk writes :

>- when the game starts it displays the message :
>    You've got ..K RAM more than ypu need Dude!
>- when I tried to reboot the system (warm boot), it displays the message:
>    THAT'S ALL DUDES!
>  This message stays on the screen until another warm boot is performed.
>- XRAY didn't detect any strange activities, and the available anti-virus
>  software didn't detect anything.

This is not a virus.  The program is California Games by Epyx.  The
messages are part of the program.  Do not worry.

Later,
  Bob
--
Robert A. Essig                          | E-mail :     rae@po.cwru.edu
Chemical Engineer-in-Training @ C.W.R.U. | CWRU Class of 1992 (hopefully)
Database Maintenance Clerk @ U.H. of C.  |
President of Glaser House                | GO BROWNS!

alarky@aragorn.csee.lehigh.edu (Dr. Arthur Larky-84068) (10/07/90)

  It's not a virus.

>From:    dsndata!conslt04@zeus.unomaha.edu
>Subject: Could this be a virus? (PC)

>    I'm a novice at computer viruses, and need some information.  I
>have a tandy computer with a 1200 baud modem, now the problem comes
>with the modem.  I can't get it to make the final connection to a
>remote computer.  I as using procomm 2.4.2, and it did work for a
>period of time.  I've had the computer and modem in to be checked out
>for glitches, nothing was found to be wrong with the hardware.  Has
>anyone heard of a virus that can do this?  If so what can I do to kill
>it?  Thanx for any info.

>Todd

  Call your local phone company.  I have 2 phone lines which I have been
using with modems for 10 years.  Aug 30th, they both became un-usable
even though they worked fine as phones.  So I:
  tried 1200 instead of 2400 baud - ng
  tried a different serial port   - ng
  tried a different cpu board     - ng
  tried a different serial board  - ng
  tried a Hayes modem at 1200     - ng
  tried a different Hayes modem   - ng
  tried 300 baud                  - ng
    connected, but could not talk
  ran a line directly from my
    computer to the incoming
    terminal block                - ng
  tried calling a friend          - ng
    discovered that he could
    call me and I would answer,
    but he would get a 300 baud
    connection when I was at 1200.

  called the phone company
    "You haven't paid for line maintenance". They sent a guy out
    who tested my lines and said they had a problem outside somewhere
    that affected 50 lines.  He never came back.  A day later they
    called me,
    "You don't have an inside line maintenance agreement"  Finally, they
     replaced a couple miles of main cable and all was well.

  One week later, one line would not work at all, and the other only worked
    at 1200 baud.  So I called them again: "You don't have an inside line
    maintenance agreement".  Another guy came out and tested my lines and
    said the problem was outside.  He came back several hours later and
    said he couldn't even find my line.  Finally, I got to talk to someone
    who knew what a modem was: "We don't guarantee 2400 baud, just 1200".

  Two days later, they fixed it.  It seems that after they put in the
    new cable, they re-connected me to the old one so there was a mile
    and a half of antenna on my line.

  The moral is:  the phone company guarantees 1200 baud will work.  If
  it used to work and stopped all of a sudden, the phone company broke
  it.  If you persist, they will fix it, but you have to find someone
  there who has heard the word "modem" before.

   Art Larky
   Prof CSEE
   Lehigh University
     Disclaimers re: Lehigh University, Bell Telephone, etc., apply.

MIKAEL@vax.psl.ku.dk (MIKAEL LINDBERG MORTENSEN) (02/12/91)

  I would like some good advice on VIRUS. I am trying to figure out
whether a computer has a virus or the computer is just sick, here
goes:

      While being inside a word processor (MS-Word 5.0) the computer
suddenly hung up, at least the keyboard was disabled. The speaker
started pipping really madly. The mouse still worked though.
  If the computer was hung the mouse would not work, if the computer
was hung the speaker would not be beeping, but just make a tone,
Have I got a known Virus on my hand or what?
  Any suggestions are welcomed.
                    *******************************************
                    *      Mikael Lindberg Mortensen          *
                    *      University of Copenhagen  DDBD?    *
                    *      Psychological Laboratory    @EY    *
                    *      Denmark.                     @D    *
                    *       mikael@vax.psl.ku.dk              *
                    *******************************************

gburlile@magnus.acs.ohio-state.edu (Greg Burlile) (06/12/91)

Recently our department has had some problems with all of the files in
the root directory being erased (even the hidden system files).  This
happened about a week ago to one of our PCs and to two of our PCs
today!  I used the files that come with F-PROT that is site licensed
here and could not find anything (F-PROT version 1.13).  Is this a
virus?  I would appreciate any suggestions.  Help!