Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: RADAI1@HBUNOS.BITNET (Y. Radai)
Newsgroups: comp.virus
Subject: Re: 4096 (PC)
Message-ID: <0004.9007301843.AA01312@ubu.cert.sei.cmu.edu>
Date: 30 Jul 90 16:15:15 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 18
Approved: krvw@sei.cmu.edu

David de Leeuw writes:

>2. The boot-sector does get attacked by 4096. (John McAfee's Virlist says
>it does not.)

McAfee's Virlist indicates that the 4096 does not *infect* the boot
sector, and that is correct.  It also indicates that it does not cor-
rupt or overwrite the boot sector.  As far as I know, that too is cor-
rect.  True, the 4096 contains a routine which *tries* to modify the
boot sector in order to display the FRODO LIVES message on subsequent
boots, but I haven't heard of a version which actually *succeeds* in
doing this.  If you have a version which really does this, please let
us know.

                                     Y. Radai
                                     Hebrew Univ. of Jerusalem, Israel
                                     RADAI1@HBUNOS.BITNET
                                     RADAI@HUJIVMS.BITNET