Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!usc!srhqla!quad1!ttidca!woodside From: woodside@ttidca.TTI.COM (George Woodside) Newsgroups: comp.sys.atari.st Subject: Re: wierd...problems and a benign? anti-virus Message-ID: <9465@ttidca.TTI.COM> Date: 1 Feb 90 12:26:29 GMT References: <4072@jhunix.HCF.JHU.EDU> Reply-To: woodside@ttidcb.tti.com (George Woodside) Distribution: na Organization: Citicorp/TTI, Santa Monica Lines: 48 In article <4072@jhunix.HCF.JHU.EDU> ins_bac@jhunix.UUCP (Ajay Choudhri) writes: ...[edited]... >Secondly, I have no clue where the damn thing came from but I seemed to have >caught a virus..or anti-virus... >I suspect I got it off a local bbs from a .MSA file of TeX >when I boot-up, I get the message that this is an antivirus and it beeps and >flashes when it encounters a disk with an executable boot sector. >Well I have controlled the infection to only 3 disks but I would rather >just have the AV gone. From your desription, this sounds like one I am familiar with. The good news is, it won't harm you. The bad news is, it does spread just as fast as any other virus. It lives in boot sectors, and installs itself in system memory when you boot up with an infected disk. It will then spread itself to every disk with a non-executable boot sector that passes through your ST until the next reset or power off/on. Of course, if the disk in drive A has the virus at that time, it gets reloaded, and continues to spread. It gets to everything, including disks you format. I know of no way you could have become infected except having booted your system with an infected disk in drive A. I have not yet seen any programs which install this (or any other) virus. They must be in the boot sector of the disk in drive A at power up or reset to get installed, and start spreading. To get rid of it, safely, you need to erase it from the boot sector of every disk that has it. Any good virus killer will do this, without harming the data on the disk. The tricky part is, you have to get your system booted up without the anti-virus before you can start cleaning it off. Since it signs on, and does not survive resets, that should't be too difficult. If you don't have a virus killer, get one. You will find them in the archives here, on PD disks from most vendors, and in user group libraries. My latest is still a week or so from distribution, but you may not want to wait that long. Older versions of mine (VKILLER) will recognize and destroy this anti-virus. The anti virus you have will continue to spread until you get it off every disk. If just one copy survives, sooner or later it will probably get installed, and then spread again. -- * George R. Woodside - Citicorp/TTI - Santa Monica, CA * * Path: woodside@ttidca * * or: ..!{philabs|csun|psivax}!ttidca!woodside *