Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!bcm!dimacs.rutgers.edu!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: jhp@apss.ab.ca (Herb Presley, Emergency Planning Officer) Newsgroups: comp.virus Subject: Stoned Virus (PC) Message-ID: <0003.9101092021.AA06041@ubu.cert.sei.cmu.edu> Date: 7 Jan 91 05:33:01 GMT Sender: Virus Discussion List Lines: 63 Approved: krvw@sei.cmu.edu Last week I wrote............. > I have had a problem with the "Stoned" virus on my 8088 based XT. > After the virus appeared on Christmas Day, I reformatted (high level) > the hard drive and reconfigured the partition table using FDISK. > Although the message appeared on Christmas Day, the only problem that > my PC seemed to develop was the inability to load RAMDRIVE.SYS at > bootup. Reconfiguring the partition table and reformatting the hard > drive do not seem to have helped RAMDRIVE.SYS to load. Further to my earlier posting, I got ahold of a copy of McAfee's SCAN program, and it confirmed that the [Stoned] Virus was still affecting my hard drive. So I have now managed to cure the problem, and for what it's worth to anyone, if interested, here's how: 1) I rebooted the system off my floppy system disks (DOS 3.3) which I had COPY PROTECTED! I then backed up all the files onto floppy disks using XCOPY making sure that I had removed drive "C" from the environment path variable; 2) I opened the Partitiion Table and Boot Sector with the Norton Utilities; 3) I OVERWROTE the entire partition table with "0", and wrote it to the disk; 4) I then repartitioned the disk using FDISK; 5) I then reformatted the disk from the system floppies like so - A> format c: /v/s 6) I scanned all floppy disks with the McAfee program PRIOR to copying them to the hard drive. Where I found an infected disk, I repeated the same treatment I had given the hard disk with Norton Utilities. (You can copy the files from a floppy of which you have overwritten the Boot Sector provided that you are careful NOT to overwrite the FAT) and then reformatted them from the system floppies (which I knew to be clean). 7) The problem is solved. The PC is now, according to the McAfee program, clean! And the RAMDRIVER is loading a-ok. Hope this helps anyone else who has been infected by the [Stoned] virus. (By the way, I don't know if you've noticed but the person who wrote the message "Your PC is Stoned! LEGALISE MARIJUANA!" doesn't even know how to spell legalize.......heh! heh! And I'll bet he thinks he's smart.) And one other thing, a warning! I think I picked up the virus from a fairly reputable software company's disks that I purchased several months ago - a word processor, no less! It looks like some this major company may have a snake in the woodpile. I can't mention their name here, however I will be taking my case up with them so that they can call in the mongoose brigade. But be warned! These stupid viruses come from the most unexpected and innocent places! Check everything. If you don't have a copy of a good scan program, I would suggest that you get one. - ------------------------------------------------------------------------------- DISCLAIMER: Any views expressed here are mine alone and do not represent those of this organization email : jhp@apss.ab.ca mail : 10320 - 146 St., Edmonton, Alberta, Canada T5N 3A2 phone : (403) 451-7151