Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: ecs50145@zach.fit.edu ( COLDENHOFF) Newsgroups: comp.virus Subject: Need help with (c) Brain Message-ID: <0001.9101031858.AA06371@ubu.cert.sei.cmu.edu> Date: 25 Dec 90 04:23:14 GMT Sender: Virus Discussion List Lines: 31 Approved: krvw@sei.cmu.edu Hello All... I seem to have been infected by the (c) Brain virus recently, and I have some questions... I do not quite understand how this boot sector virus was able to contaminate my disks without actually booting from them. Does DOS routinely load in and execute some portion of a floppy if referenced?? Or is there a program that is typically the carrier? From what I have read, (c) Brain resides in memory and infects floppies - but how is the virus initially loaded in? Does anybody know what the typical virus scanner looks for in reference to this virus? I hope it doesn't just look for the label - as none of my other disks seem to have it and I have never used anyone else's disks... I would like to know that for instance, McAfee's SCAN will tell me a disk is infected regardless of the presence of the (c) Brain label... Now, I had the impresion that if (c) Brain was in memory that chkdsk /a would return about 7K less total system memory than the computer actually has. When I tried it however, the total memory was ok, but available memory was down by some 50K... Did I miss something here? Please respond via e-mail and I will post a summary at a later date. Thank you in advance, Tim Coldenhoff Internet: ecs50145@zach.fit.edu