LUCKSMITH%ALISUVAX.BITNET@IBM1.CC.Lehigh.Edu (08/16/89)
The unknown virus that Andrew Berman referred to in his submission of 14 Aug 89 sounds very much like one encountered here within the last 90 days. Various names exist for it, including Friday the 13th, Israeli, Jerusalem, Black Box and others. The virus is a TSR type that infects .COM and .EXE files replicating itself into the files (once only for .COM and repeatedly for .EXE). (It will infect and replicate itself in ANY executible, no matter the extension..check especially .OVL and .SYS) The virus under certain circumstances will delete files from the disk on Friday the 13th. Norton Utilities is capable of identifying the infected files by searching for the hexadecimal string E9 92 00 73 55 4D 73 44. Those eight bytes invariably occurred in the virus found here. A system can only be certified clean of the virus if the system is cold-booted from a clean system and the source files to be used are checked and found to be clean before they are used. This virus is very contagious...during the cleanup and check phase we infected FluShot+ more than once. There is an article by Yisrael Radai, Hebrew Univ. of Jerusalem, on the "original" Israeli PC virus in April 1989 issue of Computers and Security (UK publication, Elsevier Science Pub., Ltd. Vol.8, No. 2) and a paper by Jim Goodwin on Israeli viruses, available from the moderator of this forum. Based on our recent experience, good luck, and happy cleaning. David Rehbein, Thompson@alisuvax.bitnet Marsha Luckett-Smithson, LuckSmith@alisuvax.bitnet Ames Laboratory USDOE, Iowa State University
berman-andrew@CS.YALE.EDU (Andrew P. Berman) (08/17/89)
I want to thank everyone who mailed/posted responses to my posting about the virus which infected my friend's disks. She think's she's cleaned it out by copying only the source codes to new disks, zapping the hard drives, and recompiling everything on the clean hard disks. BTW, there is an article in this month's Popular Science on computer viruses. Once again, Thanks Andrew Berman