Alan_J_Roberts@Sun.COM (07/22/89)
Hans Varkevisser described what appears to be the Ping Pong virus and asks
if there is any way to deal with it short of a low level format. The Ping
Pong (Italian) is a boot infector and can be removed with McAfee's MDISK
programs. The CVIA is distributing these programs free of charge (with
proof of infection) to anyone infected with a boot or partition table virus.
They've been tested against all the viruses we know about and work flawlessly
against all boot and partition table viruses.
Contact the CVIA at 408 727 4559 or page SysOp on HomeBase at
408 988 4004 to get these programs.
Alan Roberts.
MARKZ@UIUCVMD.BITNET (Mark S. Zinzow) (11/10/89)
This is a slightly edited copy of our local warning.
Today (Thursday, November 9, 1989) the Ping Pong B virus was found
on an XT in Newmark hall here at the University of Illinois at
Urbana-Champaign. This is the third virus to infect IBM PC's here.
The previous PC viruses were Brain and Jerusalem.
This virus is a boot sector infector and also goes by the names
Bouncing Ball, Italian, VERA CRUZ, and VERA CRUZ B.
Please use scanv48.arc (anonymous ftp'able from uxe.cso.uiuc.edu
in the directory pc/virus) to search systems for infection, and
unvir6.arc (from the same place) to remove the virus from infected
systems. VIRUSCAN, the name for the package of programs in
scanv48.arc, is a shareware product. Just this week CSO has
purchased a site license for the U. of I. so you may ignore the
request for a $25 registration if you are using this software here.
SCAN.EXE (in scanv48.arc) will report two versions of Ping Pong when
it is found. This is a bug, the B version also triggers the message
for the non-B version. So far, we think we only have one version
of this virus floating around.
The program IMMUNE by Yuval Ratavy in unvir6.arc will make your
system immune to the Ping Pong, Jerusalem, and several other
viruses.
Please call me (244-1289 or email markz@vmd.cso.uiuc.edu) if you
find a copy of PING PONG as I'm trying to figure out the extent and
locations where this virus has spread.
In the local versions of this announcement, excerpts from the following
VIRUS-L Digests were included:
VIRUS-L Digest Wednesday, 18 Jan 1989 Volume 2 : Issue 18
Subject: Re: The Ping-Pong virus (PC)
VIRUS-L Digest Thursday, 9 Mar 1989 Volume 2 : Issue 61
Subject: Re: Bouncing ball virus (PC)
VIRUS-L Digest Friday, 10 Mar 1989 Volume 2 : Issue 62
Subject: bouncing ball virus (PC)
VIRUS-L Digest Wednesday, 10 May 1989 Volume 2 : Issue 112
Subject: Yet more on SYS (PC)
VIRUS-L Digest Friday, 12 May 1989 Volume 2 : Issue 114
Subject: 1 byte can save us from the Ping Pong virus (PC)
- -------Electronic Mail---------------U.S. Mail---
ARPA: markz@vmd.cso.uiuc.edu Mark S. Zinzow, Research Programmer
BITNET: MARKZ@UIUCVMD.BITNET University of Illinois at Urbana-Champaign
CSNET: markz%uiucvmd@uiuc.csnet Computing Services Office
"Oh drat these computers, they are 150 Digital Computer Laboratory
so naughty and complex I could 1304 West Springfield Ave.
just pinch them!" Marvin Martian Urbana, IL 61801-2987
USENET/uucp: {uunet,convex,att}!uiucuxc!uiucuxe!zinzow
Phone: (217) 244-1289 Office: CSOB 110 \markz%uiucvmd
MAINT@PUCC.BITNET (Melinda Varian) (11/21/89)
Although I recognize that this is not the appropriate forum for discussion of the BITFTP server, since BITFTP has been being discussed here, I would like to correct some misapprehensions:
BITFTP does handle binary files; indeed, it distributes hundreds of them every day.
BITFTP is currently designed to be used only within the BITNET/EARN/NetNorth network; it distributes all files (both binary and text) in NETDATA format, which means it cannot send files through mail-only gateways into other networks.
I have addressed the original complaint about BITFTP that was broadcast to this list, i.e., that it was not accepting FTP requests for the UXE.CSO node. Requests to that node had regularly been resulting in hung FTP sessions, but I believe that I have now circumvented that problem, so I am again accepting requests to access it.
Anyone wanting further information on BITFTP should send mail or an interactive message to BITFTP@PUCC.
Melinda Varian
[Ed. Thanks for the clarification!]
mckeeby@cis.ohio-state.edu (Jon Mckeeby) (02/28/90)
An IBM PC with a hard disk in a lab of ours was infected with the Ping Pong
Virus. I know that the Ping Pong Virus is a boot infector virus so we removed
it by using the DOS SYS command. However, I have other questions about the
virus. If you have an answer please reply via the newsgroup or my mailing
address: mckeeby@andy.bgsu.edu.
1. How does the virus spread?
2. Are there available detection/protection programs
to safeguard against new infections. What are they?
3. How is the virus activated?
4. What does the virus do besides infect the boot sector?
5. Is the DOS SYS command the best way to remove the infection?
6. Are there public domain programs to remove an infection
of the ping-pong / bouncing ball virus? What are they?
7. Is the ping-pong and the bouncing ball virus the same virus?
8. An infected user said they had the Brain virus on their disk
and before using the infected ping-ponged hard disk it was
clean. Is there any correlation between these two viruses?
I don't think so, but I want to make sure.
Thank you very much for your time,
Jon McKeeby
Graduate Assistant
Microcomputer / Microcomputer Virus Support
Bowling Green State University