Path: utzoo!attcan!uunet!zaphod.mps.ohio-state.edu!uwm.edu!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: PSYMCCAB@VM.UoGuelph.CA (Bob McCabe) Newsgroups: comp.virus Subject: New Virus? (The Invader?) (PC) Message-ID: <0006.9012101454.AA21256@ubu.cert.sei.cmu.edu> Date: 7 Dec 90 23:37:59 GMT Sender: Virus Discussion List Lines: 26 Approved: krvw@sei.cmu.edu I got word today of a possible new virus that was apparently deliberaty spread around at the Canadian Computer Show. As I have not heard or seen any postings of a simular virus I thought I'd post a description here to see if anyone knows anything about it. The virus apparently infects the CMOS on an AT, changing the drive type after an incubation period, and the locking out the hard drive. It can be spread by running a program from an infected disk (how disks are infected is unknown, nor is it know if a particular program is the source). According to one distributor that got hit, the only way to remove the virus is to disconect the AT board from the battery backup and to wipe the BIOS on the hard disk controler. This may be a little extreme, but I have yet to see an infected machine. Apparently there is also a message displayed when the virus becomes active, calling the virus 'THE INVADER'. Does this sound simular to any know virus? Does SCAN pickup the virus, and if so which version? Is there a simpler way to remove the virus from an infected machine? Any help would be appreciated. I should get a copy of an infected disk on monday and may have more information then. ======================================================================== INET : PSYMCCAB@VM.UOGUELPH.CA Bob McCabe CoSy : bmccabe Psycholgy Dept., Compuserv : 72260,1501 University of Guelph Phone : (519) 821-8982 Guelph, Ont. Canada =========================================================================