Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: JIMS@SERVAX.BITNET (Jim Schenk) Newsgroups: comp.virus Subject: Re: Stoned virus (PC) Message-ID: <0007.9011261543.AA06200@ubu.cert.sei.cmu.edu> Date: 20 Nov 90 14:33:00 GMT Sender: Virus Discussion List Lines: 48 Approved: krvw@sei.cmu.edu In VIRUS-L #186, Finn M.Jensen writes: > Some time ago I received a 5.25" disk (containing source-code, > OBJ-files and .EXE-files) which I copied (using XCOPY) to the > harddisk. I have used both the .OBJ and .EXE files. > > Later I found out that the disk contained a virus. > > SCANV67C reports that the BOOT sector of the disk (placed in A:) > is infected by the STONED virus, but no viruses are detected on > the C: drive ! > > Questions: > 1) Is my C drive clean ??? If SCAN doesn't detect any viruses on your C: drive, and as long as you didn't boot up from the infected floppy, then your C: drive is probably clean. Like all boot sector viruses, the ONLY way Stoned can infect a hard disk is to boot up from an infected floppy disk. Even if the infected floppy is not bootable (not a system disk), simply having it in the A: drive and rebooting or turning on the computer is sufficient to infect the hard disk. > 2) Is it safe just to copy the files to a new (clean) disk ? Yes. Stoned is strictly a boot sector virus; files are not infected. Just make sure that the virus is not present in memory on the machine you do the copying (boot up from a clean, write- protected DOS disk), and SCAN the target disk when finished just to be safe. > 3) If 1) and 2) have negative answers - what should I do ????? If, perchance, SCAN or some other virus-scanning software DOES detect an infection on your hard disk, the easiest solution is to obtain either F-PROT (Fridrik Skulason, Box 7180, IS-127 Reykjavik, Iceland, frisk@rhi.hi.is) or CLEAN (McAfee - same place you got SCAN). I believe the latest version of F-PROT (1.13) is available through anonymous ftp from chyde.uwasa.fi or from comp.binaries.ibm.pc; as for CLEAN, try the Home Base BBS at (408)- 988-4004, or ftp from mibsrv.mib.eng.ua.edu. Jim Schenk University Computer Services Florida International University Bitnet: jims@servax Internet: jims@servax.fiu.edu