Path: utzoo!mnetor!uunet!lll-winken!lll-lcc!ames!ll-xn!oberon!pollux.usc.edu!papa From: papa@pollux.usc.edu (Marco Papa) Newsgroups: comp.sys.amiga Subject: Re: THIS VIRUS IS A CRISIS! Message-ID: <6029@oberon.USC.EDU> Date: 6 Jan 88 00:35:44 GMT References: <9659@udenva.cair.du.edu> <483@auvax.UUCP> <297@uwslh.UUCP> Sender: nobody@oberon.USC.EDU Reply-To: papa@pollux.usc.edu (Marco Papa) Organization: Felsina Software, Los Angeles, CA Lines: 37 > I've got a question at this point. Can't one thwart the virus >in the following manner? > > 1) Never NEVER boot from anything but an uninfected disk that >has its write-switch on the "can't-write-to-this-disk" position. > > 2) When one gets a new non-commercial disk, *always* use >INSTALL to overwrite anything in the boot-block, thereby killing off >the virus. > >I may be missing something here...I am not sure. I haven't personally >been infected YET, but then again I've only had my Amiga for a week now! Yes, the above process will do it for the CURRENT crop of viruses, which started with the SCA virus. It won't do it the minute a virus is "attached" to a seemingly innocent PD program on a NON-bootable disk. When you run the program, the virus will become active, and will try to infect all the disks it can (All the ones without write protect). Besides infecting, it can also do other nasty things (like delete ALL your files on a hard disk, which normally does NOT have a hardware write protect). This type of virus/trojan horse/masquerader is hell for SYSOPS, which usually have 100+ Meg disks. In that case the usual recommendation is to try the program the first time on a michine NOT attached to the hard disk (for example without installing hddisk.device). It will also help to use TYPE file OPT h to inspect any instance of DH0:, DH1:, etc...). And of course this is nowhere close to take into account all possible cases. If you think that this is being paranoid, ask anyone of the major PC-DOS BBS Sysops. It has taken over two years for these things to start happening on the Amiga. The stated 500 thousands machines sold make it finally a mass market product, with all the good and bad things (i.e. viruses, widespread piracy) that come with that. The important thing here is to make people informed. Talking about these items at User Group meetings and make them understand the implications is a good start. In my opinion, Commodore has been extremely quick in the response (Vcheck1.0 was out just a few days after the SCA virus was reported). -- Marco