[comp.virus] Joshi / Stoned2

3501P@NAVPGS.BITNET (Jeffrey) (01/15/91)

   Thanks to everyone on Virus-l for their help with my Virus problem
especially Nick F., Michael B., James O., and Carlos J.  The response
was great, and sorry if I didn't mention you by name if you replied to
my note.  Our PC was infected by both viruses simultaneously.
Stoned-2 sporadically caused the machine not to boot (but didn't
display the "stoned" message), and Joshi disabled the machine when we
tried to boot up on Jan. 5 1991 (again without the signature message,
"type happy birthday joshi to continue...").  Apparently each virus
caused the other one to execute incompletely.

   Both viruses were successfully removed, though the corruption of the
partition table from Joshi necessitated a cable transfer from my
Hard-disk to a clean hard-disk.  We now have McAfee's program
installed.  The virus was apparently picked up from someone who
accessed a bulletin board and executed some code they had down-loaded.

   Lastly, someone replying to my note requested a copy of the virus
so they could analyze it and tell me more about it (I forgot who,
though).  Sorry, but I won't send any live code to anyone for any
reason.  Thanks again for all the help.
                       --Jeffrey

CHESS@YKTVMV.BITNET (David.M.Chess) (01/15/91)

Jeffrey <3501P@NAVPGS.BITNET>:
> The virus was apparently picked up from someone who
> accessed a bulletin board and executed some code they had down-loaded.

That's not really very likely (unless what was downloaded was a
disk-image that the person then booted from); the Stoned and Joshi
viruses are both boot-sector infectors only.  You can only become
infected by either of them by booting from an infected diskette (or,
in theory, by running a program that "injects" them onto your disk; no
such program has ever been reported, though).  You might (if you
haven't already) scan all diskettes in the neighborhood that the
machine might have accidentally been booted from (even "non-system"
diskettes can be infected); you might find the source more accurately
that way (or you might not; source-tracing succeeds depressingly
rarely).  DC