Path: utzoo!attcan!uunet!mailrus!uwm.edu!cs.utexas.edu!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: plains!umn-cs!LOCAL!aslakson@uunet.UU.NET (Brian Aslakson) Newsgroups: comp.virus Subject: Re: Removal of Stoned Virus (PC) Message-ID: <0011.9007301317.AA00380@ubu.cert.sei.cmu.edu> Date: 29 Jul 90 05:37:02 GMT Sender: Virus Discussion List Lines: 61 Approved: krvw@sei.cmu.edu 70033.1271@CompuServe.COM (Steve Albrecht) writes: >> From: Yavuz Selim KOMUR >> We have Stoned virus in PC. How I clear virus it from partion >> table. I tried to format hard disk two times, but I couldn't >> successfull. Thank for your comments. >... >USE DISK MANAGER TO LOW-LEVEL FORMAT, RE-PARTITION, AND HIGH-LEVEL >FORMAT THE HARD DISK. Low-level formatting the hard disk and re- >... WRONG!!!! DON'T do this!! It is unecessarily complicated/roundabout/ unnecessary. The following is what worked for me to disinfect several harddrives and floppys that were infected with the Stoned virus (and some with Jerusalem B): 1. Make backups. The ones I worked on has a complete set up stored on a server, and data files were the users responsibility (made it easier). I like the idea of using Fastback, like Steve mentions. I'd only back up data files, though, and use the original, write protected floppys to put the programs back on. 2. Get SCAN.EXE from an ftp site or get it from McAfee's BBS. (ftp is probably the better choice, hey?) I think that mibsrv.mib.eng.ua.edu and rascal.ics.utexas.edu (134.82.1.1) have the latest version (SCANV64.ZIP, I think). Also get CLEAN.EXE (archived as (I think) CLEANV64.ZIP). Download it to a clean machine (Boot from a clean, write protected system disk, and don't use any executables off the hard drive, only off an original write prote....) At worst, the SCAN program would get infected, but would probably still work. Read the documentation. 3. Read the manual. Use SCAN. 4. Boot from a clean write protected floppy, and use CLEAN.EXE to clean up the infection. (of course, read the manual for it!) 4.5 There are other products out there, I just know and respect SCAN. Check out the ftp site's archives, and get what looks good. Have backups, and read the manual! 5. The way I heard it, sometimes ya lose it. On floppies, if there are subdirectories, you end up with everything in the root dir. If this happens, go back and pretend your drive is brand new, and start fresh. From low-level. 6. I had NO NO NO trouble, and things worked fine after that. 7. I have a buddy who prefers the FPROT set. I don't know it, but whatever works best for you. 8. If you get saved money, (time, hair pulling), it might be worth it to send in a shareware registration to whoever wrote the anti-virus product you use. (I still haven't, but I will, really!). 9. Let me know what happens (especially when you SCAN'd, did you find other viruses?). 10. I have a clone of my own (always clean so far!!), in spite of the signature (I can't afford a Mac). - -- Macintosh related: mac-admin@cs.umn.edu All else: aslakson@cs.umn.edu