okay@tafs.mitre.org (Okay, S J) (01/17/90)
Arrrrggghhhh...After years of vigilance and checking everything I put in the machines I use, I've finally been hit and hit bad. My A2000 has contracted a bad case of XENO in just about all the directories on my HD, so I am seriously considering a low-level format of my HD(fortunately I have been wise enough to do continual backups and offloading). So, questions for those Amiga users out there who have had Xeno, or from those who know more technical details about it: 1. How did you deal with it???---I've about running KV on all of the infected files, but it appears that KV only disables, and doesn't remove the XENO virus. If this is true, how dangerous is an immobilized XENO, compared to a live one???---This is the main reason I am considering calling in an airstrike to blast my filesystem, since I'm assuming it could come back again in the same files if I ever catch a live copy again.... 2. What exactly are the general symptoms. All I know is that I found it in my CRONTAB file ( which makes it a pretty stupid virus in my book...I basically have a disassembly of the little bugger tacked onto my CRONTAB entries), and some how it got into my Cron daemon and it spread from there.... 3. Any other helpful hints/comments/ideas you might have to offer.... Comments: I know who I got it from and he checked his system and it was crawling all over there too, so the source has been isolated. The way I found it was through my Startup-Sequence failing numerous times because "echo", "date" and "read" had had their filetypes changed from executables to scripts and had to be replaced. I'd also been getting an inordinate amount of Guru meditation #'s, specifically #000000003 (CPU trap). It wouldn't have spread so fast I don't think if it hadn't gotten into Cron, which I make heavy use of.... Its easy for this one to sneak by, because until now, we Amigoids haven't had to worry about anything except for Boot-infectors. Hence, there were no readily available file-infectors to detect it until recently. If what I've seen is any indication, I'd say its a pretty stupid virus in terms of propagation...like I said, I found it in my CronTab as well as a few other script and non-executable files.... I figure if I don't hear back in a few days with contrary recommendations, I'll just have my system "duck and cover" and drop a 20 megaton low-level format bomb on the whole thing and be done with it. - ----Steve - ------------------- Stephen Okay OKAY@TAFS.MITRE.ORG Technical Aide, The MITRE Corporation