[comp.virus] Stoned Virus

MP14STAF@MIAMIU.BITNET (Mark Powers) (11/17/89)

Two of our PC labs have been infected with the STONED virus.  Is there
anything out there that will fix these machines or are we looking at
rebuilding the infected disks?

                          Thanks for any assistance

                          Mark Powers
                          Academic Computer Service
                          Miami University
                          513-529-2020

c2810@princeton.edu (SATYAJIT CHATTERJEE) (02/27/90)

We discovered the Stoned Virus in our PC's recently. Does anyone have
any suggestions on how to get rid of this. We have hundreds of users
who have their own floppies, most of them infected I suppose. It would
be difficult to call them all in. Is there some way of automating
this? Any suggestions will be appreciated.

gm@cunixa.cc.columbia.edu (Gary Mathews) (03/04/90)

moncol!c2810@princeton.edu (SATYAJIT CHATTERJEE) writes:
>We discovered the Stoned Virus in our PC's recently. Does anyone have
>any suggestions on how to get rid of this. We have hundreds of users
>who have their own floppies, most of them infected I suppose. It would
>be difficult to call them all in. Is there some way of automating
>this? Any suggestions will be appreciated.

	I told you how to clean a disk, but I didn't really answer
your question.  After you get the clean program, you can run it in a
simple batch file as follows:

-------------------------- cut here ----------------------------------------

@echo off
:retry
echo Insert disk to clean in drive A:
echo (Press any key to continue or Ctrl-C to quit)
pause > nul
clean a: [stoned]
goto retry

-----------------------------------------------------------------------------

You should have each user run this with all their disks.

I hope this solves your virus problem!

---------------------------------------------------------------------------
Gary Jason Mathews      | gm@cunixd.cc.columbia.edu
Columbia University     | Death is life's way of telling you you've been fired.
------------------------+ CPU time flies when you have a lot of bugs

bytor@milton.u.washington.edu (Michael Lorengo) (06/26/90)

Posting For A Friend Who Cannot Do So------

-------------------------------------------------------------
We have been hit with a
STONED virus on our hard drive Z-248's.  Unfortunately I
didn't grab any of the stoned info when it was available and
I wondered if you'd post the following for me?

We here at WMU are getting hit with the STONED virus in our
labs.  Please e-mail any info you have on how you have handled
this virus in your labs to:

     kroes@gw.wmich.edu

Thank you.
---------------------------------------------------------------

I appreciate your consideration.  Thank you.

AIE01001@UFRJ.BITNET (Joaquim de Oliveira Vasconcelos) (09/19/90)

We have noticed a "stoned virus" infection on a hard disk in our lab.
Unfortunately I couldn't find enough information on this kind of virus
in past issues.  Would anyone in the list please send me answers to
the following questions?
    - How does the virus replicate?
    - What kind of damage does it cause on the hard disk?
    - How can one get rid of it?
Thanks in advance.

Joaquim de Oliveira Vasconcelos
Systems Analyst
COPPE/Universidade Federal do Rio de Janeiro

P.S.: Sorry for possible English language errors ...

AIE01001@UFRJ.BITNET (Joaquim) (09/21/90)

    I'd like to report that the "Stoned" virus infection in our lab
was successfully removed using McAfee's SCAN & CLEAN software.
Thanks to JIM SCHENCK, from Florida International University, who sent
me a compilation of all "Stoned" related information that appeared in
past issues of VIRUS-L.  Maybe an additional service in the list could
maintain separate files containing specific information about each
virus.  I don't know if someone can manage to do the additional work
needed, but I think that this effort would be of great value.  I leave
it as a suggestion ...

Joaquim de Oliveira Vasconcelos
Systems Analyst
COPPE/Universidade Federal do Rio de Janeiro - BRASIL

bent@lccinc.UUCP (Ben Taylor) (09/25/90)

>Thanks to JIM SCHENCK, from Florida International University, who sent
>me a compilation of all "Stoned" related information that appeared in
>past issues of VIRUS-L.

  We have recently been infected by "Stoned" as well.  I would much
  like to get a copy of the stoned information also.

>Maybe an additional service in the list could
>maintain separate files containing specific information about each
>virus.  I don't know if someone can manage to do the additional work
>needed, but I think that this effort would be of great value.  I leave
>it as a suggestion ...

  I agree.  I was already wondering if there was a list of "indications"
  which correspond to the various viruses already out there.

>Joaquim de Oliveira Vasconcelos

Ben Taylor		uunet!lccinc!bent
Systems Administrator
LCC Incorporated

JIMS@SERVAX.BITNET (Jim Schenk) (11/20/90)

In VIRUS-L #186, Finn M.Jensen writes:

> Some time ago I received a 5.25" disk (containing source-code,
> OBJ-files and .EXE-files) which I copied (using XCOPY) to the
> harddisk.  I have used both the .OBJ and .EXE files.
>
> Later I found out that the disk contained a virus.
>
> SCANV67C reports that the BOOT sector of the disk (placed in A:)
> is infected by the STONED virus, but no viruses are detected on
> the C: drive !
>
> Questions:
>   1) Is my C drive clean ???

If SCAN doesn't detect any viruses on your C: drive, and as long as
you didn't boot up from the infected floppy, then your C: drive is
probably clean.  Like all boot sector viruses, the ONLY way Stoned
can infect a hard disk is to boot up from an infected floppy disk.
Even if the infected floppy is not bootable (not a system disk),
simply having it in the A: drive and rebooting or turning on the
computer is sufficient to infect the hard disk.

>   2) Is it safe just to copy the files to a new (clean) disk ?

Yes.  Stoned is strictly a boot sector virus; files are not
infected.  Just make sure that the virus is not present in memory
on the machine you do the copying (boot up from a clean, write-
protected DOS disk), and SCAN the target disk when finished just to
be safe.

>   3) If 1) and 2) have negative answers - what should I do ?????

If, perchance, SCAN or some other virus-scanning software DOES
detect an infection on your hard disk, the easiest solution is to
obtain either F-PROT (Fridrik Skulason, Box 7180, IS-127 Reykjavik,
Iceland, frisk@rhi.hi.is) or CLEAN (McAfee - same place you got
SCAN).  I believe the latest version of F-PROT (1.13) is available
through anonymous ftp from chyde.uwasa.fi or from
comp.binaries.ibm.pc; as for CLEAN, try the Home Base BBS at (408)-
988-4004, or ftp from mibsrv.mib.eng.ua.edu.

Jim Schenk
University Computer Services
Florida International University

Bitnet:     jims@servax
Internet:   jims@servax.fiu.edu
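
Added example (not part of the original thread, and not code from any scanner named in it): a Python sketch of the point made above that Stoned lives only in the first sector of a disk. It reads sector 0 of raw disk images and looks for the text the virus displays, as quoted later in this thread; the image names, the marker heuristic and the sample images are assumptions constructed for illustration.

```python
import os
import tempfile

SECTOR_SIZE = 512
# Text marker taken from the message quoted in this thread; matching on it is
# a simple heuristic, not the signature any particular scanner uses.
MARKER = b"LEGALISE MARIJUANA"

def read_sector0(path):
    """Return the first sector of a raw disk image (boot sector or MBR)."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)

def check_sector0(sector):
    """Classify one sector: 'short', 'suspect' or 'no-marker'."""
    if len(sector) < SECTOR_SIZE:
        return "short"
    if MARKER in sector.upper():
        return "suspect"
    return "no-marker"

def scan_images(paths):
    """Map each image path to its sector-0 verdict."""
    return {p: check_sector0(read_sector0(p)) for p in paths}

def build_samples(directory):
    """Write three constructed images; none contains real virus code."""
    blank = bytearray(SECTOR_SIZE * 4)
    blank[510:512] = b"\x55\xaa"                  # standard boot signature
    marked = bytearray(blank)
    marked[0x100:0x100 + len(MARKER)] = MARKER    # marker inside sector 0
    in_file = bytearray(blank)
    in_file[1024:1024 + len(MARKER)] = MARKER     # marker in a later sector only
    samples = {"clean.img": blank, "marked.img": marked, "textfile.img": in_file}
    paths = []
    for name, data in samples.items():
        path = os.path.join(directory, name)
        with open(path, "wb") as f:
            f.write(data)
        paths.append(path)
    return paths

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for path, verdict in scan_images(build_samples(d)).items():
            print(os.path.basename(path), verdict)
```

The third sample carries the marker only in a later sector, the way a saved text file mentioning the message would, and is not flagged because only sector 0 is examined.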

George_Bragg@carleton.ca (George Bragg) (11/30/90)

Having seen a lot of confusion about what the stoned virus does, I
thought I'd tell you my own experiences with said virus when a major
infestation hit the university where I work as a computer consultant.
Stoned, as mentioned by others, is a boot sector virus.  It can only
infect memory if you boot up from a "dirty" disk.  Once it is in
memory, however, it writes to anything.  If you get it on a hard
drive, it attacks the FAT (I think), and when you reboot from the hard
drive, it's back in memory to spread its jolly message to the masses.
This is probably why you'd see the cross-linked files with CHKDSK,
and why a floppy can be infected from a HD.  BTW, McAfee's SCAN does a
wonderful job of both detecting and removing this virus.

Disclaimer:  Nobody cares about my opinions, so I can't blame anybody else
             for them.
George Bragg (WATPOD46@CARLETON.CA)

jhp@apss.ab.ca (Herb Presley, Emergency Planning Officer) (01/07/91)

Last week I wrote.............

 > I have had a problem with the "Stoned" virus on my 8088 based XT.
 > After the virus appeared on Christmas Day, I reformatted (high level)
 > the hard drive and reconfigured the partition table using FDISK.
 > Although the message appeared on Christmas Day, the only problem that
 > my PC seemed to develop was the inability to load RAMDRIVE.SYS at
 > bootup.  Reconfiguring the partition table and reformatting the hard
 > drive do not seem to have helped RAMDRIVE.SYS to load.

Further to my earlier posting, I got ahold of a copy of McAfee's SCAN
program, and it confirmed that the [Stoned] Virus was still affecting
my hard drive.  So I have now managed to cure the problem, and for
what it's worth to anyone, if interested, here's how:

1) I rebooted the system off my floppy system disks (DOS 3.3) which I had COPY
   PROTECTED!  I then backed up all the files onto floppy disks using XCOPY
   making sure that I had removed drive "C" from the environment path
   variable;

2) I opened the Partition Table and Boot Sector with the Norton Utilities;

3) I OVERWROTE the entire partition table with "0", and wrote it to the disk;

4) I then repartitioned the disk using FDISK;

5) I then reformatted the disk from the system floppies like so -
	A> format c: /v/s

6) I scanned all floppy disks with the McAfee program PRIOR to copying them to
   the hard drive.  Where I found an infected disk, I repeated the same
   treatment I had given the hard disk with Norton Utilities.  (You can copy
   the files from a floppy of which you have overwritten the Boot Sector
   provided that you are careful NOT to overwrite the FAT) and
   then reformatted them from the system floppies (which I knew to be clean).

7) The problem is solved.  The PC is now, according to the McAfee program,
   clean!  And the RAMDRIVER is loading a-ok.

Hope this helps anyone else who has been infected by the [Stoned]
virus.  (By the way, I don't know if you've noticed but the person who
wrote the message "Your PC is Stoned! LEGALISE MARIJUANA!"  doesn't
even know how to spell legalize.......heh! heh!  And I'll bet he
thinks he's smart.)

And one other thing, a warning!  I think I picked up the virus from a
fairly reputable software company's disks that I purchased several
months ago - a word processor, no less!  It looks like some this major
company may have a snake in the woodpile.  I can't mention their name
here, however I will be taking my case up with them so that they can
call in the mongoose brigade.

But be warned!  These stupid viruses come from the most unexpected and
innocent places!  Check everything.  If you don't have a copy of a
good scan program, I would suggest that you get one.

--------------------------------------------------------------------------------
DISCLAIMER: Any views expressed here are mine alone and
	    do not represent those of this organization
    email : jhp@apss.ab.ca
     mail : 10320 - 146 St., Edmonton, Alberta, Canada  T5N 3A2
                     phone : (403) 451-7151

frank@cavebbs.gen.nz (Frank van der Hulst) (01/10/91)

jhp@apss.ab.ca (Herb Presley, Emergency Planning Officer) writes:
>Further to my earlier posting, I got ahold of a copy of McAfee's SCAN
>program, and it confirmed that the [Stoned] Virus was still affecting
>my hard drive.  So I have now managed to cure the problem, and for
>what it's worth to anyone, if interested, here's how:

Lots of stuff deleted here:

What you needed to do was to a) Boot from a clean copy-protected disk
(which you did), then b) Fix your HD boot sector. Having done that,
Stoned is dead.  Finally, c) Go through your floppies with e.g. SCAN,
and treat them the same way... Stoned can only get off the floppy if
you boot off the floppy.

>Hope this helps anyone else who has been infected by the [Stoned]
>virus.  (By the way, I don't know if you've noticed but the person who
>wrote the message "Your PC is Stoned! LEGALISE MARIJUANA!"  doesn't
>even know how to spell legalize.......heh! heh!  And I'll bet he
>thinks he's smart.)

Hate to say this, but he's smarter than you are!!! LegaliSe is the
Queen's English as spoken here in NZ (where Stoned originated, and is
now at epidemic levels) -- your version is a mere vulgar Americanism.
:-)

>And one other thing, a warning!  I think I picked up the virus from a
>fairly reputable software company's disks that I purchased several
>months ago - a word processor, no less!  It looks like some this major
>company may have a snake in the woodpile.  I can't mention their name
>here, however I will be taking my case up with them so that they can
>call in the mongoose brigade.

Many software shops here open packages for demos, etc., then reseal
them. It is not uncommon to find a virus on a disk in a "sealed"
package.

--
Take a walk on the wild side, and I don't mean the Milford Track.

U5434122@ucsvc.ucs.unimelb.edu.au (01/11/91)

 jhp@apss.ab.ca (Herb Presley, Emergency Planning Officer) writes:

> Last week I wrote.............
>
>  > I have had a problem with the "Stoned" virus on my 8088 based XT.

Etc...

Herb goes on to say how he cleaned his HDD the hard way, instead of
using CLEAN from McAfee.

I would have suggested CLEAN to Herb, only my mail bounced, and so
did mail routed through uunet.uu.net.

Can you supply a proper path Herb?  Send me an email message, and I
will tell you what your path to/from me is. (I don't know until you
send mail to me.)

> Hope this helps anyone else who has been infected by the [Stoned]
> virus.  (By the way, I don't know if you've noticed but the person who
> wrote the message "Your PC is Stoned! LEGALISE MARIJUANA!"  doesn't
> even know how to spell legalize.......heh! heh!  And I'll bet he
> thinks he's smart.)

Unfortunately, the guy *did* know how to spell "legalise".  The virus
originated in New Zealand which uses British spelling of such words,
just like I do.

Danny

U5434122@ucsvc.ucs.unimelb.edu.au

Michael_Kessler.Hum@sfsuvax1.sfsu.edu (04/09/91)

I was having problems with Vidram by QEMM on a Zenith 386 SX.  It
would not load properly for a couple of days, using the same unchanged
batch files.  I ran F-FCHK and F-Disinf on the machine, and the Stoned
virus was removed.  However, F-DRIVER (of F-PROT 1.14) is installed on
the machine, and it did not detect it.  The machine had been cleaned
before installing F-DRIVER.  1.13 worked successfully at detecting the
STONED virus.  Is there a detection problem with F-DRIVER from F-PROT
1.14?

ACSJEC@SEMASSU.BITNET (Imagine...) (04/30/91)

Just a notification of the STONED VIRUS here at Southeastern Mass.
University.  It appears we're getting it from people using the computers
at a neighboring college.

I read the list occasionally, is there some place we should report
VIRUS sightings, and if so is it only for new viruses??

        Jim Cusson
        ACSJEC@SEMASSU