Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!caesar.cs.montana.edu!icsu8053 From: icsu8053@caesar.cs.montana.edu (Craig Pratt) Newsgroups: comp.sys.atari.st Subject: Key virus NOT harmless Message-ID: <3117@caesar.cs.montana.edu> Date: 14 Feb 90 09:12:09 GMT Sender: news@caesar.cs.montana.edu Reply-To: icsu8053@caesar.cs.montana.edu (Craig Pratt) Organization: Montana State University, Dept. of Computer Science, Bozeman MT 59717 Lines: 72 In article <9906@ttidca.TTI.COM> you write: >In article <28923@brunix.UUCP> rjd@cs.brown.edu (Rob Demillo) writes: >...[edited]... >>This is directly from the horse's mouth, as it were...the statement >>was issued by SoftLogik, Inc. to the ST Report. It the statement it >>is refered to as the "key virus." (Anyone hear of this?) Any of the >>anti-virus programs should take care of it, but Soft Logik is, >>of course, exchanging disks if you are nervous. > >The "KEY" virus is the most widespread virus in the USA. That is >because it displays no symptoms, it only spreads. It represents >two dangers: >1) It spreads to every disk that passes through the ST while the >virus is active, thus wiping out existing executable boot sectors >on disks which must have them. This can render a disk which must >be self-booting useless. > >2) It is called the "KEY" virus because, once installed in a >system, it checks every passing disk for a "KEY" value in the >boot sector. If it locates one, it will cause the execution of >whatever code is on that disk, even if the machine is not being >powered up or reset at the time the "KEY" disk is located. There >have been no episodes of a "KEY" disk being located reported, to >date. That doesn't mean they don't exist. That only means that >I haven't heard of them, or the victim of whatever the "KEY" did >was not aware of the cause (which is quite likely, if such an event >has occurred). > >Every virus killer I've seen (or written, of course) will eradicate >this virus. > >-- >* George R. Woodside - Citicorp/TTI - Santa Monica, CA * >* Path: woodside@ttidca * >* or: ..!{philabs|csun|psivax}!ttidca!woodside * I just ran into this virus yesterday and it is not even in the general sense harmless! It ate two of my disks last night before I could isolate it and kill it. I figured the first disk, my WordPerfect document disk, had gone bad but the second disk made me suspicious so I ran the *excellent* vkiller program on it and discovered that I had the key virus on both the dead disks and some "undead" disks as well. I tried to recover these disks with Norton utilities, which always has recovered all but a few of the files on a toasted disk; it would have nothing to do with it. It created some files but they were bits and pieces of multiple files. I've devoted this evening attempting to figure out what happened. I took one disk which still had the "harmless" key virus on it and copied just the files off. I also installed the hospital utilities just to see if they worked - it did very well. Anyway, I then made this the test disk and formatted a new blank disk. I discovered that when I booted off the "undead" disk, it suddenly became dead and gave a read error on the disk. When I inserted the control disk, which had tested safe, and pressed retry, it didn't do anything. When I displayed information on the control disk, it read and probably wrote to the disk. I ran vkiller. It couldn't read the test virus disk and said the control disk now had a virus. By determination and disk switching, I finally got the test disk to read. It said it was virused, had eight sides and 119538576 bytes total of disk space. By examinig the sectors, I discovered that Key had written over the directory sectors of the disk. It was very dead. So, it would seem that the key virus is *NOT* *HARMLESS*. All I can say is install the hospital programs and hope and pray that the bozo/moron/idiot scumball/50 caret moron(s) who wrote this virus doesn't make one that messes with my hard drive. It would be time to play "Hunt down & destroy the pesky little virus hacker" (New...from Nintendo!). A tremendous Thank You to George Woodside for his excellent vkiller program! Craig Pratt BitNet: Craig.Pratt@msu3.oscs.montana.edu GEnie: C.PRATT4 (not here often) "The ships hung in the air in exactly the same way that bricks don't" Douglas Adams, _The_Hitchhiker's_Guide_to_the_Galaxy_