perry@beach.gal.utexas.edu (John Perry KG5RG) (10/11/90)
Just a quick note to let everyone know that several IBM and compatible PC's here at the University of Texas Medical Branch in Galveston, Texas have been infected with the OHIO virus. I have not yet attempted to remove the virus and I would like any suggestions on the best way to go about it. I have the McAfee products. I will try them first. Anybody have any thoughts or suggestions? John Perry KG5RG University of Texas Medical Branch Galveston, Texas 77550-2772 You can send mail to me at any of the following addresses: DECnet : BEACH::PERRY THEnet : BEACH::PERRY Internet : perry@beach.gal.utexas.edu BITNET : PERRY@UTMBEACH SPAN : UTSPAN::UTADNX::MBIAN::PERRY
FEDERMAN@CVAX.IPFW.INDIANA.EDU (ALAN N. FEDERMAN) (10/16/90)
In response to: (Reply-To: VIRUS-L@IBM1.CC.LEHIGH.EDU From: "The Moderator Kenneth R. van Wyk" <krvw@CERT.SEI.CMU.EDU> Subject: VIRUS-L Digest V3 #170 VIRUS-L Digest Monday, 15 Oct 1990 Volume 3 : Issue 170) >Date: 11 Oct 90 16:52:24 +0000 >From: perry@beach.gal.utexas.edu (John Perry KG5RG) >Subject: OHIO virus found at UTMB (PC) > > Just a quick note to let everyone know that several IBM and >compatible PC's here at the University of Texas Medical Branch in >Galveston, Texas have been infected with the OHIO virus. I have not yet >attempted to remove the virus and I would like any suggestions on the >best way to go about it. I have the McAfee products. I will try them >first. Anybody have any thoughts or suggestions? > > John Perry KG5RG > University of Texas Medical Branch > Galveston, Texas 77550-2772 Reply: I have run a PC lab "virus free" for the last three years. We use a Novel network, with student PCs equiped with auto-bootup ROMS on the network cards. The students cannot write to the server hard disk, only access applications and data. The student PCs do not have hard disks. No floppies are handed out by staff. Students can download shareware and licensed software. They cannot make a DOS diskette. We also run the McAlfee program (WE ARE LICENSED FOR IT!) A student can check a floppy for possible infection. We recently won a NACUBO cost reduction incentive award for this Lab. We have stayed virus free. Other labs in this school have been clobered repeatedly. I don't know how you could enforce a perimeter defense. Do you intend to screen every floppy comming in the door? Pretty labor intensive, as well as annoying to customers. Run memory resident virus checking programs? Those TSRs may interfer with other applications. ============================================================================= [ ] [ Alan Federman ] [ ] [ Coordinator of Academic Computing ] [ Indiana University - Purdue University at Fort Wayne ] [ bitnet: FEDERMAN@IPFWCVAX ] [ internet: FEDERMAN@CVAX.IPFW.INDIANA.EDU ] [ ] [ "It's supposed to be automatic, but you really have to press this Button." ] [ - John Bruner ] [ ] ==============================================================================
perry@mbian.gal.utexas.edu (John Perry KG5RG) (10/18/90)
A few days ago, I announced that the OHIO virus has infected several PCs here at UTMB. Well, there is a whole new twist to the story now. After consulting with John McAfee and running a few tests, it has been determined that in the proper environment, the OHIO virus changes from a relatively benign virus into a potent disk destroyer! The virus was discovered on several 5.25 inch floppy disks on a PC connected to a VAX 8250 using DECnet DOS 2.1. Almost all diskettes used on the PC after infection were damaged so badly that they had to be completely re-formatted before they were usable again. In addition, the virus was also discovered on several 3.5 inch floppies. The virus isn't supposed to be able to do this! Apparently the combination of the OHIO virus and DECnet DOS 2.1 creates a contention between the TSRs that causes havoc. I hope someone out there in VIRUS-L land can reproduce this problem and either confirm or refute my findings. John Perry KG5RG University of Texas Medical Branch The Marine Biomedical Institute 200 University Blvd. H-43 Galveston, Texas 77550-2772 Voice : (409) 761-2124 FAX : (409) 762-9382 You can send mail to me at any of the following addresses: DECnet : MBIAN::PERRY THEnet : MBIAN::PERRY Internet : perry@mbian.gal.utexas.edu BITNET : PERRY@UTMBEACH SPAN : UTSPAN::UTADNX::MBIAN::PERRY