LUKEN@IBM1.CC.Lehigh.EDU (The Moderator Kenneth R. van Wyk) (05/20/89)
VIRUS-L Digest Friday, 19 May 1989 Volume 2 : Issue 120 Today's Topics: Atari ST boot sector virus (possible new strain) blown floppy disk (PC) nVIR infection, other problems (Mac) --------------------------------------------------------------------------- Date: Thu, 18 May 89 13:55 CDT From: Gordon Meyer <K0GRM1@NIU.BITNET> Subject: Atari ST boot sector virus (possible new strain) Last night I discovered a virus on my Atari ST. It's a boot sector type, and I caught it before it did anything more than copy itself onto about 4 of my disks. I was able to trace the source to a disk of software I got from a friend of a friend that supposedly came from Europe originally. George Woodside's VKILLER program was unable to identify the virus itself, but it was instrumental in helping to confirm that it was self-replicating boot sector code. I've sent a copy of the infected disk to Mr. Woodside. Should he let me know what the virus was intended to do, and add detection of it to VKILLER I'll let the net know. Anyone desiring further information can contact me. - -=->G<-=- - -------------------------------------------------------------------- | Gordon R. Meyer, Northern Illinois University, Dept of Sociology | | GEnie: GRMEYER, CIS: 72307,1502, Phone: (815) 753-0555 | | Bitnet: Tee-Kay-Zero-Gee-Are-Em-One AT Enn-Eye-You.bitnet | |------------------------------------------------------------------| | "Resist much, obey little" - Edward Abbey 1928 - 1989 | | "Sometimes being right is not enough..." - Abbie Hoffman | | 1936 - 1989 | |------------------------------------------------------------------| | Disclaimer? Grad students don't need 'em! | |__________________________________________________________________| ------------------------------ Date: Thu, 18 May 89 17:17:47 EDT From: "W. K. (Bill) Gorman" <34AEJ7D@CMUVM.BITNET> Subject: blown floppy disk (PC) First, my thanks to everyone who responded to my question about this, both on the list, privately, and via phone. Thanks, guys! I have recovered the files from the disk (most of them, anyway) and it does have all the earmarks of a virus - trouble is, I don't know which one. The first (but not the second) copy of the FAT was trashed, and the directory was damaged. The user tells me that the same symptoms are starting to show up on their HD. I have a nasty suspicion that they have IT! Bill. ------------------------------ Date: Fri, 19 May 89 15:08:19 edt Sender: Virus Alert List <VALERT-L@IBM1.CC.Lehigh.Edu> From: <GATEH@CONNCOLL.BITNET> Subject: nVIR infection, other problems (Mac) Apologies for a somewhat inappropriate posting, however I am concerned about a lab of Mac II's that is to be used as for a Faculty Open House next Wed., and as VIRUS-L is temporarily on vacation, I wasn't sure how else to go about getting help. We've had/are having some mild difficulties with nVIR in this lab, but they are controllable. However in the process of checking systems I have run into a few other items which have worried me, and I can't seem to match the symptoms with the info I have on known Mac viruses. The worries began when a system refused a locked virus-fighting disk, saying that it needed minor repairs (like INIT 29). With a move straight from deep space, I unlocked the disk and reinserted it, and attempted to run Disinfectant 1.1. It gave me a message that it was corrupted by either a virus or disk error, and would not run. I then ran ResEdit and discovered that the Desktop contained, as it's first resource, an unnamed resource. When opened, it contained one resource ID=0 which I cannot open. Size: 1082208 (!!?!?) Attributes: Purgeable, Preload. The last resource of the Desktop is call "<not equal sign>VIR", and contains one resource ID=0. It opens to show one line of data/code. Size: 6 Attributes: Purgeable, Preload. I checked a few other systems, and they had the same symptoms, although one system had _two_ unnamed resources in the Desktop file. Disinfectant 1.1 and VirusRx 1.4a2 say the disk is fine. Anti-Virus Kit from 1st Aid Software says there has been an infection, but provides no info. (We just received this, and so far I'm _not_ impressed). 1st Aid Kit HFS says the disk's directory is damaged and that the disk is unusable. Because of a lack of time (due to the upcoming Open House), I've not had a chance to investigate further. I'm not exactly a Mac programming pro, and so I'm not sure if I should be suspicious or not. I don't know whether to think it was just a disk error, or what. If anyone has an insight into this situation, please PLEASE PLEASE write directly to me and NOT to this list, so that traffic may be kept at a minimum. - Gregg *=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=* Gregg TeHennepe | Academic Computing and User Services Minicomputer Specialist | Box 5482 BITNET: gateh@conncoll | Connecticut College Phone: (203) 447-7681 | New London, CT 06320 ------------------------------ End of VIRUS-L Digest *********************