USERQBPP@SFU.BITNET (Robert Slade) (01/28/91)
The following exchange ported from the SUZY Information System: == E-Mail > Fetch > Sinclair, Wayne =========================================== = Subject: Stoned signature I have had problems with the Stoned virus in the past, at least I hope its past, but one thing puzzels me! I cleaned the whole of my system including all of my 3.5 and 5.25 floppies (100's of them) and fould many of my 5.25s to be infected by not one 3.5 disk out of a 100 or so. I did get reports back from F-Prot that there may be something unidentafiable on the boot sector and I attributed that to the strange formating that PC Tools 6.0 puts on the disk. Are some versions of the Stoned virus not capably of infecting drive B: or was I just outright lucky? Since I done the compleat system clean up a few month ago I have had no problems. I run F-Prots sys file to keep gaurd all the time, it saved me in the past 4 or 5 times. Also what triggers the Stoned virus into action, a key combination, timers, certain number of boots I can't figure it out? In all the times that the little pest gave me problems I had been previously working in PC Tools. I let Central Point know about this and their responce was "Oh". Strange. Wayne Sinclair == E-Mail > Fetch > Sinclair, Wayne > Reply =================================== = Subject: Stoned and drives There are at *least* six versions of "Stoned" on the loose, probably a good many more. So one cannot be too certain about "absolute" behaviour of the virus, but ... There are actually two possible explanations of the behaviour you see. I have a report of a version of "Stoned" (reported to be the original, in fact) that will not infect 3.5" drives. (This may have been "inspired" by the original BRAIN virus, which checked for the signature of a low density, 5.25" disk, and would not infect otherwise.) I have, in my possesion, a version which happily infects any size of floppy, but will not infect the B: drive. Activation is problematic as well. One of the versions I have will happily infect any disk in the A: drive, whenever the A: drive is accessed. Even for a DIR. The other version is a sullen beast, and I haven't yet figured out it's exact activation, but PCTOOLS seems to trigger it in my case as you report with yours. And yes, FPROT (at least up to version 1.13) did report PCTOOLS formatting as suspect. I have sent frisk a copy of the PCTOOLS boot sector, but I don't know whether he has been able to incorporate it into 1.14. Which is, by the way, available now in the INtegrity Library.