IMER400@INDYCMS.BITNET (martha rapp) (02/27/91)
We may have a new variation of STONED II here at IUPUI. The message has been changed to say LEGALISE instead of version 2. This IS NOT being found by virus scan version 74b on the harddrive but will find it on the floppy. The machine infected is a COMPAQ XT. Also before I forget the message does not appear in the partition table when viewed with a sector editor. Martha Rapp BITNET: IMER400@INDYCMS || INTERNET: IMER400@INDYCMS.IUPUI.EDU Programmer/Analyst Indiana University Purdue University at Indianapolis
John_Carson@van-bc.wimsey.bc.ca (John Carson) (03/03/91)
My friend Paul..purchased a MICROSOFT DOS 4.01 at a Computer store and
also purchased some BRAND NAME 3 1/2 DISKS. The salesman copied the
dos onto the 3 1/2. Later we found the VIRUS Stoned II on the system.
After cleaning up the system. We found the virus was on the original
MICROSOFT DOS 5 1/4 DISKS. Can this virus jump on to the original as
you copy it to another....OR is there a chance it was on the MICROSOFT
DOS.
********************************************************************
D.John Carson J & H Concepts a29@mindlink.UUCP 604-589-5118
uunet!van-bc!rsoft!mindlink!a29
***********************************************************************nelson@sgi.com (Nelson Bolyard) (03/14/91)
rsoft!mindlink!John_Carson@van-bc.wimsey.bc.ca (John Carson) writes: >My friend Paul..purchased a MICROSOFT DOS 4.01 at a Computer store and >also purchased some BRAND NAME 3 1/2 DISKS. The salesman copied the >dos onto the 3 1/2. Later we found the VIRUS Stoned II on the system. >After cleaning up the system. We found the virus was on the original >MICROSOFT DOS 5 1/4 DISKS. Can this virus jump on to the original as >you copy it to another....OR is there a chance it was on the MICROSOFT >DOS. John, Most boot sector viruses (like Stoned, for example) will "infect" any diskette that is put into your diskette drive that is not write protected!! As I understand your story, your friend Paul bought a machine with only 3.5 inch disk drives, but the MSDOS disks were 5.25 inch, so the salesman copied the 5.25 inch MSDOS originals onto some brand new 3.5 inch disks for Paul. If the 5.25 inch MSDOS original disks were NOT write protected when the salesman stuck them into his (evidently) infected machine, then the MSDOS masters got infected at that point, and probably so did the 3.5 inch disks onto which MSDOS was copied. IMHO, master software disks should come out of the box write protected. They shouldn't even have the write enable notches cut into them. I NEVER put a write-enabled master diskette for ANY program into my machines. I ALWAYS put a write protect tab on a master before inserting it. I know that there is an increasing trend in the install programs for commerically purchased software to write on the master disk as part of the installation program. Programs that do this include MultiMate, Windows 3.0, and the newer Sierra games (e.g. King's Quest V). I have installed legal copies of all those programs, and I have never written on my master disks. This is accomplished by making a backup copy (using diskcopy) of the master and installing using that copy. For software with copy-protected masters, I have found that I can initiate the installation using the write-protected master, and then substitute a write-enabled copy just before the writing occurs. I'd suggest that your friend Paul take the people at that computer store to task for selling him infected software. - ----------------------------------------------------------------------------- Nelson Bolyard nelson@sgi.COM {decwrl,sun}!sgi!whizzer!nelson Disclaimer: Views expressed herein do not represent the views of my employer. - -----------------------------------------------------------------------------
KAMRAN@Vax2.Concordia.CA (Kamran Farahi) (03/20/91)
Hi; This is my second posting to this group; I'd like to thank everybody for responding so promptly to my first message. Now let me ask you another question. We have encountered a new version of STONED on our pc's. We ran SCAN V75 but did not recognize there is a virus. However, when we ran F-DISINF V114 this message was displayed: "This boot sector is infected with a new version of the stoned virus" but did not remove it!! Does anybody know the cure to this problem?? Are Mr. McAfee and Mr. Skulason aware of this virus ??. Thanks again.