Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!rex!ukma!widener!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: 128a-1ha@web-4e.berkeley.edu
Newsgroups: comp.virus
Subject: Re: Azusa (PC)
Message-ID: <0009.9104162011.AA07133@ubu.cert.sei.cmu.edu>
Date: 14 Apr 91 08:18:43 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 25
Approved: krvw@sei.cmu.edu

padgett%tccslr.dnet@uvs1.orl.mmc.com (Padgett Peterson) writes:
>
>	It seems that quite a few folks are getting hit by the AZUSA
>virus. Removing it, while not very difficult, is complicated by the
>fact that the virus has completely overwritten the master boot record
>code so that the original cannot be simply retrieved from another
>location as with most such viruses (STONED, JOSHI, etc). Since the
>virus has also overwritten the ASCII warning messages, simple patching
>of the virus code to remove the infection is not a good solution.
>
...source code deleted...

	I got a copy of the virus from my friend.  I did find a copy
of the original boot sector on the disk (floppy) not sure about the
partition table though since my hard drive is not infected, it was
located on the second to the last sector.

	Does anyone know does this virus infect all floppy or just some?

I am planning to write a program to write the orig boot sector back. Since
my version of clean does not reconize it yet.  Are there any virus expert
against this?  Say so fast, my program is almost ready..

- --Nelson
- --128a-1ha@web.berkeley.edu