Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!olivea!samsung!uunet!munnari.oz.au!uniwa!cc.curtin.edu.au!cutmcvax!peter From: peter@cutmcvax.cs.curtin.edu.au (Peter Wemm) Newsgroups: comp.sys.amiga.misc Subject: Re: A virus that popped up on my 3000's hard drive Message-ID: Date: 26 Apr 91 17:38:54 GMT References: <1991Apr24.024037.25613@netcom.COM> Sender: news@cutmcvax.cs.curtin.edu.au (Usenet News System) Organization: Curtin University of Technology, Computing Science Lines: 39 Nntp-Posting-Host: cutmcvax.cs.curtin.edu.au rodent@netcom.COM (Ben Discoe) writes: >I practice safe software, never running programs from BBSs, never >swapping software with pirates, etc. However, the 3000 that we do our >commercial development on was struck by a virus today. When starting >ced (CygnusEd), I got a black screen with thick white letters saying >something along the lines of "Computer Viruses are a horrible Disease... >This is the Cure" with something else that went by so quick I couldn't >read it. The next time I rebooted, I got a 1-2 second pause before >any program ran, and the Amiga ignored my system-configuration file. >Looking around, I found a file in DEVS: with an apparently blank file >name ("") which was tricky to delete. Once it was removed, >my system went back to normal... apparently. The "Computer Viruses >are a Disease" message has come back three times since then, so the >darn virus is still alive, hiding in there somewhere. It also modified >"setpatch", the first line in my startup-sequence, to be some mysterious >chunk of code. I beleive the virus that you describe is called "BGS 9" or something.. It is a file virus.. It creates a file with unprintable characters, and either puts it in devs and runs it from the startup-sequence, or it renames a particular file (first in startup-sequence), puts it's code in it's place and runs the renamed version. You need to locate it, and delete it.. or preferably get a virus killer that can deal with it... Be warned: It spreads like wildfire! It could be in multiple places on the Hard Disk, and probably not in any bootblocks on your disks.... It takes a LONG time to get rid of if it gets very far... >-------------- >Ben in San Jose, trying to escape this horrible city. -- Peter Wemm ------------------------------------------------------------------------------ peter@cs.curtin.edu.au (Home) +61-9-450-5243 Curtin University of Technology, Perth, Western Australia. Amiga... Because life is too short for boring computers. (Dan Zerkle)