Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!zaphod.mps.ohio-state.edu!sol.ctr.columbia.edu!cica!ogre!mr
From: mr@ogre (Michael Regoli)
Newsgroups: comp.windows.ms
Subject: Re: Possible Virus in cica.cica.indiana.edu
Message-ID: <mr.657330705@ogre>
Date: 30 Oct 90 23:51:45 GMT
References: <1990Oct30.200205.1245@cunixf.cc.columbia.edu>
Sender: news@cica.cica.indiana.edu
Lines: 30

In <1990Oct30.200205.1245@cunixf.cc.columbia.edu>
jpl5@cunixb.cc.columbia.edu (Jay P Lessler) writes:

> After reading the message here about a possible virus in cursor.zip (The file
> that changes the mouse pointer, from cica) I checked my hard disk with
> Norton Utilities' Speed Disk.  It seems that some program has been allocating
> blocks as unmovable.  Since everything that I run is also being run on my
> friend's pc, except cursor.zip, I believe curse.exe contains a virus.  

Now just hold on a minute!  That "program" that is allocating blocks
as unmovable could be DOS!

If you are using version 5.0 of Norton's SpeedDisk program, look under
the "Information/Show Static Files" menu.  I'll bet what you'll find
as "unmovable" are COMMAND.COM, IBMBIO.COM, IBMDOS.COM, and any other
file that has one of the following attributes: hidden, read-only, or
system.  (Under 4.5 of SpeedDisk, there is a similar menu under
"Statistics" or some such that shows unmovable files.)

Let's get a little more information before jumping off the deep end.
I've tested CURSE.EXE on my system when it arrived in late July.  No
problems whatsoever.  If anyone has any evidence that
pub/pc/win3/util/cursor.zip contains a virus, please contact me
immediately.

--
michael regoli
mr@cica.indiana.edu 
regoli@iubacs.bitnet
...rutgers!iuvax!cica!mr