news@acsu.buffalo.edu (10/14/89)
Has anyone heard of the Yale/Alameda virus, and know what it does?
A friend here at school found 3 of his floppies (he's lucky he
doesn't have a hard drive) infected with this by using Viruscan.
Apparently it had only infected the hidden boot files so by
using the SYS command he feels as if his is rid of it. The real
question though is if this is a safe assumption, and how does it
duplicate itself (ie, could it possibly be hidden in other files).
Doug McKee
@relay.cs.net:mckee@canisius.edu
[Ed. Here's what I have (from Joe Hirst's list, which should be
available from the documentation archive site(s)):
15. Yale - AKA Alameda, Merritt
Boot virus - floppy only
Type description:
This virus consists of a boot sector only. It infects floppies in the
A-drive only and it occupies 1K of memory. The original boot sector is
held in track thirty-nine, head zero, sector eight. It hooks into INT
9, and only infects when Ctrl-Alt-Del is pressed. It will not run on
an 80286 or an 80386 machine, although it will infect on such a
machine. It has been assembled using A86. It contains code to format
track thirty-nine, head zero, but this has been disabled.
]