leeuw@fwi.uva.nl (Jacco de Leeuw) (04/11/91)
A disk which contained a virus-killer I needed because of the 'Noname'-virus, also contained a very nasty virus (!). It was located in the 'disk-validator' program in the L directory. This one is a real problem, because you don't even have to boot from an infected disk or run a program! Just insert it in any drive and it will put itself in memory. A friend of mine said that this was because of a bug in Kickstart, because when a disk is damaged somehow (by this virus for example), the disk-validator on this disk is used, and not the one in L:. I don't know for sure what this virus does, except writing itself to any disk inserted. I DO know how to identify it: VirusX4.0 says that "The Australian Parasite virus" was found in memory and the ColdCapture pointer was altered. After that, VirusX says it has removed it from memory, but actually it's still there. You can easily check if your disk-validator has been infected: just 'type opt h df1:l/disk-validator' (for example) will do. The normal disk-validator contains a lot of text (several errors), whereas the virus only has the text 'Checksum error' at the end. You can't see the difference from the size of the disk-validator. So, is it a new virus? Which virus-killer can recognize this one and future versions? And where can I find it? Thanks, Jacco (leeuw@fwi.uva.nl) - -- Jacco de Leeuw | Email: leeuw@fwi.uva.nl J.C. van Wessemstr. 54 | Department of Computer Science 1501 VM Zaandam, Holland | Plantage Muidergracht 24 Room 106a Home phone: +31-75-352068 | 1018 TV Amsterdam, Holland