[comp.virus] Boot Sector virus from CSSR@hippo.ru.ac.za

padgett%tccslr.dnet@uvs1.orl.mmc.com (A. Padgett Peterson) (04/23/91)

Just received a copy of the boot sector virus and it is a hacked
STONED that has just had the message changed (at least that is what FC
says). As in the STONED, the message has two parts, one that is
displayed, and one that is not. The displayed message:

<bell>VIVA Saddam Hussain.!!<bell><cr><lf><lf>

The non-displayed message:

KILL IMPERIALISTS.!

Any good anti-virus or integrity program that finds the STONED should
also reveal this version.

Removal from a hard disk is the same: copy absolute sector 7 (the real
MBR) back to absolute sector 1. On floppies, it is best to copy off
any needed files and reformat the disk. (Always boot from a known
clean write-protected floppy by cycling power before attempting any
removal.)

                               Warmly,
                                        Padgett
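
The check-and-restore step described in the post, as an added example that is not part of the original message: it works on a copy of a raw disk image, confirms the two quoted messages are in sector 1, validates sector 7 as an MBR, and only then copies it back. Assumptions: 512-byte sectors, "absolute sector N" counted from 1 so that sector 1 is the first sector of the image, and the function names and sample image are constructed for illustration.

```python
SECTOR = 512
# Message strings exactly as quoted in the post (bell/CR/LF bytes left out).
MARKERS = (b"VIVA Saddam Hussain.!!", b"KILL IMPERIALISTS.!")

def sector(img, n):
    """Return absolute sector n (1-based, as the post counts them)."""
    return bytes(img[(n - 1) * SECTOR:n * SECTOR])

def find_markers(sec):
    """List which of the variant's messages occur in a sector."""
    return [m.decode() for m in MARKERS if m in sec]

def looks_like_mbr(sec):
    """Structural check: 0x55AA signature, sane boot flags, one used entry."""
    if len(sec) != SECTOR or sec[510:512] != b"\x55\xaa":
        return False
    entries = [sec[446 + 16 * i:462 + 16 * i] for i in range(4)]
    return (all(e[0] in (0x00, 0x80) for e in entries)
            and any(e[4] != 0 for e in entries))

def restore_mbr(img):
    """Return a copy of img with sector 7 copied over sector 1.

    Refuses unless sector 1 carries the messages and sector 7 is a clean,
    well-formed MBR, so an uninfected image is never overwritten.
    """
    current, saved = sector(img, 1), sector(img, 7)
    if not find_markers(current):
        raise ValueError("sector 1 does not contain the variant's messages")
    if find_markers(saved) or not looks_like_mbr(saved):
        raise ValueError("sector 7 is not a clean MBR; not restoring")
    fixed = bytearray(img)
    fixed[:SECTOR] = saved
    return bytes(fixed)

def make_sample_image():
    """Constructed 8-sector test image; not a real sample."""
    mbr = bytearray(SECTOR)
    mbr[446], mbr[450] = 0x80, 0x06      # one active FAT16 partition entry
    mbr[510:512] = b"\x55\xaa"
    bad = bytearray(b"\x90" * SECTOR)    # filler standing in for virus code
    bad[0x180:0x180 + len(MARKERS[0])] = MARKERS[0]
    bad[0x1a0:0x1a0 + len(MARKERS[1])] = MARKERS[1]
    img = bytearray(8 * SECTOR)
    img[:SECTOR], img[6 * SECTOR:7 * SECTOR] = bad, mbr
    return bytes(img)
```

Running it against an image taken from the disk, rather than the disk itself, keeps the original sectors available if the validation of sector 7 turns out to be wrong for that machine.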