GREVE@wharton.upenn.edu (Michael Greve) (07/21/90)
This afternoon we discovered that two of the machines in our lab have
the 4096 virus on them. One of the people in our office was installing
new software on the hardrives of the lab machines. The machines are
protected with disk manager. The install was going fine until she
reached one certain machine. When she tried booting off her disk
manager disk, it started the booting process then wouldn't read the
disk. When she tried booting without the bootdisk it came back with
"Insert system disk into drive and press any key to continue". The
machine will no longer work. This happened with two machines. When
she tried to check the her disk on a machine in the consulting office
it ruined that one. At that point I ran SCANV62 on the disks she
had been using that day and sure enough every executable file has
4096 on it. We think that since the disk she was using was just created
on a clean machine (we assume) that she picked it up on a lab machine.
Either way we now have three machines that no longer boot up.
I've created a fresh, clean boot disk and tried booting up with it.
All three get to the A prompt but only one will recognize the C: drive.
On that one, every .exe or .com file was infected.
Does anybody have any info on what we can do? How can we get these
machines working again and how can we get rid of this virus? What's
the best way to handle this. Can anybody give me any info on this
virus? Does it normally cause the machine to no longer boot? Any
help would be greatly appreciated. How come diskmanager didn't
stop this virus? I don't know disk manager that well!
Thank you for any assistance.
Michael Greve
University of Pa.
The Wharton School
greve@wharton.upenn.edu