lhb@duke.cs.duke.edu (Pete Boyd) (05/02/91)
Recently we learned that a PC on campus had been infected with the "Yankee Doodle" virus. The PC was scanned with the McAfee Associate's virus detection software and was confirmed to be infected. I removed the infected software and, according to the virus detection software, the PC is virus free. Question? How is the Yankee Doodle virus transmitted? Should I look for other symptoms?
gauthier@ug.cs.dal.ca (Paul Gauthier) (05/03/91)
In article <673197135@mars.cs.duke.edu> lhb@duke.cs.duke.edu (Pete Boyd) writes:
>Recently we learned that a PC on campus had been infected with
>the "Yankee Doodle" virus. The PC was scanned with the
>McAfee Associate's virus detection software and was confirmed
>to be infected.
>

The Yankee Doodle was also seen around these parts a few months ago on our school PCs and some others which I know of. We cleaned it up and it never re-infected, so we have no idea where it came from. It appears to infect EXEs and COMs when they are accessed by the system (COPY, executed, etc) but I'm not sure of the exact method.

I'd recommend regular runnings of the SCANning program for a few weeks at least to make sure it doesn't creep back in from floppies or backups. Also, be sure to run the program so that it scans ALL files, not just EXE and COM, because YankeeDoodle knows how to infect EXEs which are stored on disk with other extensions.

One software package we had used ".UTL" files to store various modules in, but they were really just EXE files renamed to UTL and then named back again whenever the main program wanted to call a sub-program. This is how we re-infected ourselves a few times. We cleaned out all the EXE and COMs but missed those files and the virus came back that way.

PG
--
============================================================================
Paul Gauthier | gauthier@ug.cs.dal.ca
President, Cerebral Computer Technologies | tyrant@dalac.bitnet
Phone: (902)462-8217 Fax: (send email first) | tyrant@ac.dal.ca
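Added example, not part of the original posts: the advice above to scan ALL files rather than only EXE and COM can be checked by looking at file contents instead of names. This Python sketch flags files that carry a DOS EXE ("MZ") header under another extension, such as the .UTL modules described above; the function names and sample files are constructed for illustration. COM files have no header signature, so only renamed EXEs can be found this way.

```python
import os
import struct
import tempfile

EXE_MAGICS = (b"MZ", b"ZM")          # DOS EXE header signatures
KNOWN_EXEC_EXTS = {".exe", ".com"}   # what an extension-only scan would cover

def looks_like_dos_exe(path):
    """True if the file starts with a plausible DOS MZ header."""
    try:
        with open(path, "rb") as f:
            header = f.read(28)      # fixed part of the MZ header
    except OSError:
        return False
    if len(header) < 28 or header[:2] not in EXE_MAGICS:
        return False
    # Sanity checks so text that merely begins with "MZ" is not flagged:
    # bytes in last 512-byte page (offset 2), page count (4), header paragraphs (8).
    last_page_bytes, pages = struct.unpack_from("<HH", header, 2)
    header_paras = struct.unpack_from("<H", header, 8)[0]
    return pages > 0 and header_paras >= 2 and last_page_bytes < 512

def find_disguised_exes(root):
    """Return sorted paths of MZ executables whose extension is not .exe/.com."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            if ext not in KNOWN_EXEC_EXTS and looks_like_dos_exe(path):
                hits.append(path)
    return sorted(hits)

def _constructed_mz():
    """Constructed sample: a minimal 32-byte MZ header, not a real program."""
    return struct.pack("<2sHHHH", b"MZ", 32, 1, 0, 2).ljust(32, b"\0")

def demo():
    """Build a constructed directory and return the names that get flagged."""
    samples = {"MAIN.EXE": _constructed_mz(), "MODULE1.UTL": _constructed_mz(),
               "README.TXT": b"MZ is mentioned here, but this is plain text.\n",
               "DATA.UTL": b"\x00" * 64}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        return [os.path.basename(p) for p in find_disguised_exes(d)]

if __name__ == "__main__":
    print(demo())
```

Files listed by find_disguised_exes are the ones to include explicitly in the virus scan and in any cleanup, alongside the regular EXE and COM files.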
public@cc.tut.fi (PD Software Group) (05/03/91)
In article <673197135@mars.cs.duke.edu> lhb@duke.cs.duke.edu (Pete Boyd) writes:
>Recently we learned that a PC on campus had been infected with
>the "Yankee Doodle" virus. The PC was scanned with the
>McAfee Associate's virus detection software and was confirmed
>to be infected.
>...
>Question? How is the Yankee Doodle virus transmitted? Should I
> look for other symptoms?

Yankee Doodle gets in memory when an infected file is executed. After that it will infect every .COM and .EXE file that is executed. There are many versions of Yankee Doodle (48 different variants - the first ones are usually identified as Vacsina and the newer ones as Yankee Doodle). Some Yankee Doodles play their tune (yankee doodle dandy) when the system clock is 5.00pm, some YDs play it when ctrl-alt-del is pressed, some play it when infection happens...

There is more information about that virus (and about many other viruses) in Patricia Hoffman's Virus summary. It is available on many anonymous FTP sites - the newest version of it is named VSUM9104.ZIP.

--
Tapio Keihänen         | "Whenever you dream
Mesiheinänkatu 2 B 6   |  you're holding the key,
33340 Tampere, Finland |  it opens the door
public@cc.tut.fi       |  to let you be free" - RJD '85