Path: utzoo!attcan!uunet!cs.utexas.edu!usc!srhqla!quad1!ttidca!woodside
From: woodside@ttidca.TTI.COM (George Woodside)
Newsgroups: comp.sys.atari.st
Subject: Re: PageStream 1.8 virus (not a rumor)
Message-ID: <9906@ttidca.TTI.COM>
Date: 13 Feb 90 13:06:32 GMT
References: <900211.09192530.029680@SFA.CP6> <28923@brunix.UUCP>
Reply-To: woodside@ttidcb.tti.com (George Woodside)
Organization: Citicorp/TTI, Santa Monica
Lines: 34

In article <28923@brunix.UUCP> rjd@cs.brown.edu (Rob Demillo) writes:
...[edited]...
>This is directly from the horse's mouth, as it were...the statement
>was issued by SoftLogik, Inc. to the ST Report. It the statement it
>is refered to as the "key virus." (Anyone hear of this?) Any of the
>anti-virus programs should take care of it, but Soft Logik is,
>of course, exchanging disks if you are nervous.

The "KEY" virus is the most widespread virus in the USA. That is
because it displays no symptoms, it only spreads. It represents
two dangers:
1) It spreads to every disk that passes through the ST while the
virus is active, thus wiping out existing executable boot sectors
on disks which must have them. This can render a disk which must
be self-booting useless.

2) It is called the "KEY" virus because, once installed in a
system, it checks every passing disk for a "KEY" value in the
boot sector. If it locates one, it will cause the execution of
whatever code is on that disk, even if the machine is not being
powered up or reset at the time the "KEY" disk is located. There
have been no episodes of a "KEY" disk being located reported, to
date. That doesn't mean they don't exist. That only means that
I haven't heard of them, or the victim of whatever the "KEY" did
was not aware of the cause (which is quite likely, if such an event
has occurred).

Every virus killer I've seen (or written, of course) will eradicate
this virus.

-- 
* George R. Woodside - Citicorp/TTI - Santa Monica, CA *
* Path:       woodside@ttidca                          *
*   or:       ..!{philabs|csun|psivax}!ttidca!woodside *