wct1@unix.cis.pitt.edu (William C Tom) (11/16/90)
According to ScanV67, the partition table of my hard disk has been infected with the "Stoned" virus. Two questions: What effects might I see with this particular infection? *AND*, more importantly, how can I get rid of "Stoned" ?? Is there a virus-killer program available ? Any help would be greatly appreciated.
dkrause@orion.oac.uci.edu (Doug Krause) (11/20/90)
wct1@unix.cis.pitt.edu (William C Tom) writes:
#According to ScanV67, the partition table of my hard disk has been
#infected with the "Stoned" virus.
#
#Two questions:
#
#What effects might I see with this particular infection?
C: might become unbootable, CHKDSK will find lots of lost clusters,
and you'll get lots of cross-linked files.
#*AND*, more importantly, how can I get rid of "Stoned" ?? Is there
#a virus-killer program available ?
CLEANP67.ZIP (at Simtel20 in PD1:<MSDOS.TROJAN-PRO> will take care of
Stoned. You will probably lose some files, especially executables
which can't be reassembled by hand (I certainly did).
Douglas Krause One yuppie can ruin your whole day.
- ----------------------------------------------------------------------
University of California, Irvine Internet: dkrause@orion.oac.uci.edu
Welcome to Irvine, Yuppieland USA BITNET: DJKrause@ucivmsaCCTR132@csc.canterbury.ac.nz (Nick FitzGerald) (11/30/90)
dkrause@orion.oac.uci.edu (Doug Krause) writes: > wct1@unix.cis.pitt.edu (William C Tom) writes: > #According to ScanV67, the partition table of my hard disk has been > #infected with the "Stoned" virus. > # > #Two questions: > # > #What effects might I see with this particular infection? > > C: might become unbootable, CHKDSK will find lots of lost clusters, > and you'll get lots of cross-linked files. STONED is the most common virus we see here - in the four months I've been in this job it is the only virus I have had to deal with on campus. (I have had a couple of reports of Jerusalem that were dealt with by the local DOS wizards in the departments concerned.) The only serious problem I've had associated with STONED was an infected hard-disk becoming "inaccessable" following disinfection. (Any attempt to access C: resulted in a "Divide overflow" error message.) This was more than likely due to the disinfector, rather than to STONED per se. Viruses are nasty, an unwanted nuisance, etc - but upping the hysteria with unfounded accusations of the possible effects of given virii (I'm not sure which plural I prefer) isn't going to help any. Nothing personal here Doug, but in my experience the first time CHKDSK ever gets run on a disk is following a (suspected) viral/trojan attack. I've often seen people complain about the sort of things you mention above after running CHKDSK (or whatver) for the first time (after having the machine for months/years), and then promptly blame the last "unusual" or "suspicious" thing they remember occurring as the culprit - "That new game", where all that happened was that someone did a DIR on the floppy and got a "General failure error" message etc. Much better that PC-users are well-informed about the different viruses out there and that they be made aware of the likelihood and means of infection. The more they know about the operating system and how to use some of the basic diagnostics (CHKDSK, etc) the better but, realistically, it isn't very likely that people will bother with the latter - they see the PC as a tool to help them in their work, and don't much care about its workings (so long as it works as they imagine it should). PC-users *ARE* talking about virii so we should do our utmost to ensure they are not misinformed. Have you actually seen these symptoms and were they conclusively due to STONED?? Has anyone else seen something similar that can clearly be attributed to STONED? Answers to these questions welcome (maybe mail is more appropriate) - discussion of other points/issues to the group. I'm not saying STONED is a *safe* virus (perish the thought), but it *IS* much less of a threat/nuisance than many others. - --------------------------------------------------------------------------- Nick FitzGerald, PC Applications Consultant, CSC, Uni of Canterbury, N.Z. Internet: n.fitzgerald@csc.canterbury.ac.nz Phone: (64)(3) 642-337
CHESS@YKTVMV.BITNET (David.M.Chess) (11/30/90)
The one case I know of in which the Stoned virus can cause that sort of problem is if the hard disk was last FDISKed under a version of DOS prior to 3.0. DOS 2.x FDISK sets up the hard disk (under at least some circumstances) so that part of the FAT is in the space that the Stoned uses to store the disk's original master boot record. So when the Stoned infects such a hard disk, it does essentially-random things to 512 bytes of the FAT; this will at least confuse CHKDSK, and if that part of the FAT was in active use for files, can do arbitrary bad things to the disk's file structure. DC
dkrause@orion.oac.uci.edu (Doug Krause) (12/04/90)
CCTR132@csc.canterbury.ac.nz (Nick FitzGerald) writes:
#Viruses are nasty, an unwanted nuisance, etc - but upping the hysteria with
#unfounded accusations of the possible effects of given virii (I'm not sure
#which plural I prefer) isn't going to help any. Nothing personal here Doug,
#but in my experience the first time CHKDSK ever gets run on a disk is
#following a (suspected) viral/trojan attack. I've often seen people complain
#about the sort of things you mention above after running CHKDSK (or whatver)
#for the first time (after having the machine for months/years), and then
#promptly blame the last "unusual" or "suspicious" thing they remember
#occurring as the culprit - "That new game", where all that happened was that
#someone did a DIR on the floppy and got a "General failure error" message etc.
No offense taken. :-) Anyway, here's what happened: I downloaded some
info-mac listings files to my pc and was looking at them with LIST.
When I tried to move to the second file, LIST complained about my
partition table. I ran CHKDSK and it found lost clusters so I ran
CHKDSK /V and it created 150 FILE*.CHK files. At this point I also
found out that several files were cross-linked and that one of my
directories pointed back at the root directory. (This one was real
fun.) I also made the nifty discovery that my hard disk was
unbootable. I finally gave up and downloaded SCAN and CLEAN from
Simtel20. SCAN reported that I had Stoned in the partition table and
CLEAN fortunately was able to remove it. Unfortunately CLEAN left C:
inaccesible but Norton Disk Doctor cured that and got rid of the
directory that was linked to root. (Only one file in that directory
and I didn't need it anyway.)
#Much better that PC-users are well-informed about the different viruses out
#there and that they be made aware of the likelihood and means of infection.
I still don't know where I got the virus, but I haven't checked all of
my floppies yet.
#Have you actually seen these symptoms and were they conclusively due to
#STONED??
The symptoms I described are listed in the documentation that comes with
SCAN/CLEAN. Maybe not conclusive, but I'll accept it.
#I'm not saying STONED is a *safe* virus (perish the thought), but it *IS*
#much less of a threat/nuisance than many others.
Yes, I know that I could have ended up a lot worse off.
Douglas Krause One yuppie can ruin your whole day.
- ----------------------------------------------------------------------
University of California, Irvine Internet: dkrause@orion.oac.uci.edu
Welcome to Irvine, Yuppieland USA BITNET: DJKrause@ucivmsa