PCOEN@drew.bitnet (Paul Coen) (09/18/90)
Yes, Drew University has had a problem with the 1559 (1554?)
virus. We found it last March/April, and managed to get rid of some
infected programs.
Just today (Monday, 17-Sep), one of our freshpersons came down
to the computer center. Her computer wouldn't boot off the hard
drive. After a few minutes of realizing that there was some kind of
very, very strange problem, I Viruscanned the drive. Of course, 1559
was found on it. She had been given the virus by an unwitting
Sophomore, who had gotten it from his roommate, who might've picked it
up from somewhere else.
We've found at least four generations (of users) who have it.
We have no idea how far it has spread. Our informal survey showed
that only 25-30% of the campus bothered to check their disks for the
virus. Part of that was the fact that users a) don't understand
viruses -- they don't WANT to understand them and b) they're so
amazingly apathetic.
Right now we're trying to assess just how badly we were hit.
One saving point, from a detection standpoint, is that if the virus is
interfering with disk writes, it eventually nails the boot sector,
making the hard drive unbootable, but accessable after a floppy boot.
Zenith MS-DOS writes the current time and date to the boot sector
every once in a while; I don't know if other DOS versions do this.
Anyway, Academic Computing is now in the position of saying "I
told you so," since others (other depts., administrators, etc.)
thought the problem was gone. Hopefully, some of things that should
have been done the first time will happen now.
------------------------
The preceeding may not even be my opinions, never mind Drew U.'s
Paul Coen -- Drew University Academic Computer Center
pcoen@drunivac.bitnet pcoen@drunivac.drew.edu