Alan_J_Roberts@Sun.COM (07/22/89)
Hans Varkevisser described what appears to be the Ping Pong virus and asks if there is any way to deal with it short of a low level format. The Ping Pong (Italian) is a boot infector and can be removed with McAfee's MDISK programs. The CVIA is distributing these programs free of charge (with proof of infection) to anyone infected with a boot or partition table virus. They've been tested against all the viruses we know about and work flawlessly against all boot and partition table viruses. Contact the CVIA at 408 727 4559 or page SysOp on HomeBase at 408 988 4004 to get these programs. Alan Roberts.
MARKZ@UIUCVMD.BITNET (Mark S. Zinzow) (11/10/89)
This is a slightly edited copy of our local warning. Today (Thursday, November 9, 1989) the Ping Pong B virus was found on an XT in Newmark hall here at the University of Illinois at Urbana-Champaign. This is the third virus to infect IBM PC's here. The previous PC viruses were Brain and Jerusalem. This virus is a boot sector infector and also goes by the names Bouncing Ball, Italian, VERA CRUZ, and VERA CRUZ B. Please use scanv48.arc (anonymous ftp'able from uxe.cso.uiuc.edu in the directory pc/virus) to search systems for infection, and unvir6.arc (from the same place) to remove the virus from infected systems. VIRUSCAN, the name for the package of programs in scanv48.arc, is a shareware product. Just this week CSO has purchased a site license for the U. of I. so you may ignore the request for a $25 registration if you are using this software here. SCAN.EXE (in scanv48.arc) will report two versions of Ping Pong when it is found. This is a bug, the B version also triggers the message for the non-B version. So far, we think we only have one version of this virus floating around. The program IMMUNE by Yuval Ratavy in unvir6.arc will make your system immune to the Ping Pong, Jerusalem, and several other viruses. Please call me (244-1289 or email markz@vmd.cso.uiuc.edu) if you find a copy of PING PONG as I'm trying to figure out the extent and locations where this virus has spread. In the local versions of this announcement, excerpts from the following VIRUS-L Digests were included: VIRUS-L Digest Wednesday, 18 Jan 1989 Volume 2 : Issue 18 Subject: Re: The Ping-Pong virus (PC) VIRUS-L Digest Thursday, 9 Mar 1989 Volume 2 : Issue 61 Subject: Re: Bouncing ball virus (PC) VIRUS-L Digest Friday, 10 Mar 1989 Volume 2 : Issue 62 Subject: bouncing ball virus (PC) VIRUS-L Digest Wednesday, 10 May 1989 Volume 2 : Issue 112 Subject: Yet more on SYS (PC) VIRUS-L Digest Friday, 12 May 1989 Volume 2 : Issue 114 Subject : 1 byte can save us from the Ping Pong virus (PC) - -------Electronic Mail---------------U.S. Mail--- ARPA: markz@vmd.cso.uiuc.edu Mark S. Zinzow, Research Programmer BITNET: MARKZ@UIUCVMD.BITNET University of Illinois at Urbana-Champaign CSNET: markz%uiucvmd@uiuc.csnet Computing Services Office "Oh drat these computers, they are 150 Digital Computer Laboratory so naughty and complex I could 1304 West Springfield Ave. just pinch them!" Marvin Martian Urbana, IL 61801-2987 USENET/uucp: {uunet,convex,att}!uiucuxc!uiucuxe!zinzow Phone: (217) 244-1289 Office: CSOB 110 \markz%uiucvmd
MAINT@PUCC.BITNET (Melinda Varian) (11/21/89)
Although I recognize that this is not the appropriate forum for discussion of the BITFTP server, since BITFTP has been being discussed here, I would like to correct some misapprehensions: BITFTP does handle binary files; indeed, it distributes hundreds of them everyday. BITFTP is currently designed to be used only within the BITNET/ EARN/NetNorth network; it distributes all files (both binary and text) in NETDATA format, which means it cannot send files through mail-only gateways into other networks. I have addressed the original complaint about BITFTP that was broadcast to this list, i.e., that it was not accepting FTP requests for the UXE.CSO node. Requests to that node had regularly been resulting in hung FTP sessions, but I believe that I have now circumvented that problem, so I am again accepting requests to access it. Anyone wanting further information on BITFTP should send mail or an interactive message to BITFTP@PUCC. Melinda Varian [Ed. Thanks for the clarification!]
mckeeby@cis.ohio-state.edu (Jon Mckeeby) (02/28/90)
An IMB PC with a hard disk in a lab of ours was infected with the Ping Pong Virus. I know that the Ping Pong Virus is a boot infector virus so we removed it by using the DOS SYS command. However, I have other questions about the virus. If you have an answer please reply via the newsgroup or my mailing address: mckeeby@andy.bgsu.edu. 1. How does the virus spread? 2. Are there available detection/protection programs to safeguard against new infections. What are they? 3. How is the virus activated? 4. What does the virus do besides infect the boot sector? 5. Is the DOS SYS command the best way to remove the infection? 6. Are there public domain programs to remove an infection of the ping-pong / bouncing ball virus? What are they? 7. Is the ping-pong and the bouncing ball virus the same virus? 8. An infected user said they had the Brain virus on there disk and before using the infected ping-ponged hard disk it was clean. Is there any correlation between these two viruses? I don't think so, but I want to make sure. Thank you very much for your time, Jon McKeeby Graduate Assistant Microcomputer / Microcomputer Virus Support Bowling Green State University