Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!wuarchive!julius.cs.uiuc.edu!rpi!uupsi!njin!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: p1@rlyeh.wimsey.bc.ca (Rob Slade)
Newsgroups: comp.virus
Subject: Stoned (PC)
Message-ID: <0013.9101092021.AA06041@ubu.cert.sei.cmu.edu>
Date: 9 Jan 91 18:29:53 GMT
Sender: Virus Discussion List
Lines: 32
Approved: krvw@sei.cmu.edu

jhp@apss.ab.ca (Herb Presley, Emergency Planning Officer) writes:

> I have had a problem with the "Stoned" virus on my 8088 based XT.
> After the virus appeared on Christmas Day, I reformatted (high level)
> the hard drive and reconfigured the partition table using FDISK.

Repartitioning and reformatting is a rather drastic way to deal with "Stoned". F-PROT and SCAN will both remove the infection fairly easily. However, none of these measures will be effective if the virus is still resident in memory. You can repartition all you like, "Stoned" will just pop right back in to your "clean" system unless you first boot from a clean source. Also, did you check your floppy disks?

> Although the message appeared on Christmas Day, the only problem that
>
> I'm not even sure if the problems are related.
>
> Remember that the RAMDRIVE.SYS load worked prior to the appearance of the
> "Stoned" virus. I didn't change any parameters prior to that time.

I'm not sure they are related either. You say "Stoned" "appeared" on Christmas Day: how do you know that? Are you referring to the "Your PC is now Stoned" message? If so, you should know that the infection could have occurred long before that. The message only appears on "1 in 8" boots, and its appearance is randomly generated. It might have been in your system for a long time before you got the message.

I suggest you get a copy of F-PROT and check your system *and* floppy disks again. Since you are in Canada, you get antiviral programs and information from the SUZY Information Service. Check out the INtegrity section of the Information Networks.