---------------
FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: EBR00002 Date: 07/21/97
From: EVAN TAYLOR Time: 09:45pm
\/To: CHRIS EVANS (Read 1 times)
Subj: Re: Virus wipes root C files

*** Quoting Chris Evans from a message to All ***

CE> Does anyone know whether this sounds like a known virus? ... last
CE> Thursday all the files in root C (not in dir's) were wiped, and this

Well sounds to me like either you typed del *.* from your c: directory or you thought you were in your a: or b: drive and deleting a disk and in fact you were in C:.

Further wiping a single directory could easily be a very lame trojan batch file that is attached to something you recently downloaded. If it is a virus it is just about the lamest virus I've heard of.

Did you try to undelete any of the files? A virus would have messed with the FAT not just deleted the files and they shouldn't be recoverable. If you can recover them, then I also suspect human error.

Evan Taylor

--- Telegard v3.03.b06!323/mL
 * Origin: fks Online! * Ontario, Canada * (905)820-7273 * (1:259/423)

---------------
FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: EBR00003 Date: 07/09/97
From: FRANK RIVOLI Time: 12:55am
\/To: ALL (Read 1 times)
Subj: Unknown virus

Dear All,

I have a problem with my computer. When I restart my computer in Ms-Dos mode from windows 95 the volume label on drive changes from
WINDOWS_95 AE
and also the drive date changes:
03-12-1996 00-00-1098

I have scanned my computer dozens of times using vet 8.9 but it found nothing. Also sometimes when I reboot a message comes up saying:

WARNING: Master boot record changes, possible virus infection.

This comes up in windows 95 regularly. I did another scan but nothing. When this message comes up, my computer switches to MS-DOS Compatibility mode, and All drives use Ms-Dos mode.

Why does this happen ?
Please help
Thanks

---
 * Origin: Melbourne PC User Group BBS (3:632/309)

---------------
FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: EBS00000 Date: 07/18/97
From: RICHARD ST. JOHN Time: 06:30pm
\/To: MARK KUKLA (Read 1 times)
Subj: Computer or virus problems...

Mark,

I know you will hear this from other people...but....all of your problems could be related to a bad SIMM. I would doubt that it is a virus, even though stranger things have happened. I would check the SIMMS out.

RS

--- GEcho 1.20/Pro
 * Origin: Slings & Arrows BBS St. Louis, Mo. (1:100/205.0)

---------------
FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: EBS00001 Date: 07/22/97
From: PAUL LENTZ Time: 11:10pm
\/To: NO ONE (Read 1 times)
Subj: Sorry, Test Message

I'm very sorry, this is an "inside net" test message... Please, Please Ignore it! Thanks!

*Paul*

--- timEd-B9
 * Origin: Dumb Guy's!!! (1:124/5025)

---------------
FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: EBS00002 Date: 07/18/97
From: KONSTANTIN KOVNERISTY Time: 01:44pm
\/To: WAYNE FALLEN (Read 1 times)
Subj: best scanners/removers

Dear Wayne!

14 Jul 97, Wayne Fallen wrote to All:

WF> Would someone please advise which would be the top 4 virus
WF> scanners/removers including macros.

In Russia:
- Dr.Web
- AVP
- "do-it-yourself"
- others

Best regards,
Konstantin Kovneristy,

--- GoldED 2.42.G0214
 * Origin: (2:5020/69.44)

---------------
FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: EBT00000 Date: 07/22/97
From: CHRIS EVANS Time: 10:19am
\/To: GORDON FREY (Read 1 times)
Subj: Virus wipes root C files

GF> CE> Does anyone know whether this sounds like a known virus? ... last
GF> CE> Thursday all
GF> CE> the files in root C (not in dir's) were wiped, and this Thursday my
GF> CE> config and
GF> CE> autoexec files, including .bak ones, were wiped.
[reply]
GF> Download the latest update for McAfee and one of the other
GF> trial packages from: F-prot, Dr. Sol, or TBAV.

Hi Gordon, do you mean you have heard of this virus?

-Chris.
---
 * Origin: Multiboard * 519-438-1066 * Internet * 4GB * (1:2401/0)

---------------
FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: EBT00001 Date: 07/22/97
From: CHRIS EVANS Time: 10:27am
\/To: KURT WISMER (Read 1 times)
Subj: Virus wipes root C files

KW> CE> Does anyone know whether this sounds like a known virus? ... last
KW> CE> Thursday all the files in root C (not in dir's) were wiped, and this
KW> CE> Thursday my config and autoexec files, including .bak ones, were
[reply]
KW> trying to identify a virus by symptoms is a waste of time
KW> 99% of the
KW> time... if you feel you have a virus and are not satisfied
KW> with the
KW> detection your present scanner is giving you, try a different one...
KW> i'd suggest f-prot, avp, or findvirus...
KW> (on a side note, wiping files in the root causes big
KW> problems with computer operation

Yes, luckily WIN 95 doesn't need the autoexec or config to run.

KW> most virus writers know well enough to avoid
KW> causing big problems with the computer's operation since it
KW> would give away the presence of the virus)

Well, from looking at what many viruses do, wouldn't you say that a lot of the virus writers are also trying to cause as much hardware and software damage as possible in an effort to get as much publicity as possible?

-C.

---
 * Origin: Multiboard * 519-438-1066 * Internet * 4GB * (1:2401/0)

---------------
FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: EBT00002 Date: 07/22/97
From: EARL MONTGOMERY Time: 07:36pm
\/To: ALL (Read 1 times)
Subj: StealthBoot.a

After 15 years of messing with computers (downloading from BBSes, exchanging floppies, etc) my computer was infected for the first time by the Stealthboot.a virus. One thing that made me think I had been infected was when I did a MEM command it would show 636K conventional instead of 640K. Also Windows 3.1 would not run (showed the Logo then returned me to DOS) if RAM or NOEMS was used in the config.sys.

I ran MSAV and McAfee (both had outdated virus data files) and neither detected the virus. Found AVP and it found and cured the virus. My system now reflects 640K conventional and Windows operates as it should.

Someone suggested that even though everything appears normal I should run FDISK /MBR. Since this is an undocumented switch I hesitate to use it. Appreciate any input on the use of this switch in my case.

Regards

--- Msgedsq 2.2e
 * Origin: Earl's Point * Dallas TX * (1:124/1113.5)

---------------
FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: EBT00003 Date: 07/22/97
From: RICK COLLINS Time: 06:53pm
\/To: KURT WISMER (Read 1 times)
Subj: Weird Event of the Day

Remember several months ago I told you I managed to boot with an ANTIEXE infected floppy in the drive?
Well, the problem was easily fixed, and I isolated the source as a disk I got from a co-worker. So, I returned it to him with a copy of F-Prot and instructions on how to clean his home system and floppies, which he did.

This morning at work the network was incredibly slow for some users, and while Keith was waiting for his system to connect I casually threw in "It's obvious. You have a virus". Big chuckle.

After lunch I walked into his cubicle, and there he was, staring at a bright red warning from VShield "The floppy in Drive A: is infected with ANTIEXE". Yup. Guess he didn't "get 'em all" a few months ago. :-) Now he's got to get ahold of the three people he gave disks to and make sure _they're_ not infected, too...

Anyway, I _can't_ convince him that the comment I made in the morning had nothing at all to do (except sheer coincidence) with what happened in the afternoon. :-)

So here I am, putting together four more floppies with F-Prot on them, for distribution tomorrow....

Rick

--- MsgedSQ 3.30
 * Origin: The Warlock's Cave (1:163/215.39)

---------------
FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: EBT00004 Date: 07/22/97
From: RICK COLLINS Time: 07:05pm
\/To: FRANK RIVOLI (Read 1 times)
Subj: Unknown virus

On Jul 09 00:55, 1997, Frank Rivoli of 3:632/309 wrote:

FR> Dear All,
FR> I have a problem with my computer. When I restart my computer in
FR> Ms-Dos mode from windows 95 the volume label on drive changes from
FR> WINDOWS_95 AE
FR> and also the drive date changes:
FR> 03-12-1996 00-00-1098
FR> I have scanned my computer dozens of times using vet 8.9 but it found
FR> nothing. Also sometimes when I reboot a message comes up saying:
FR> WARNING: Master boot record changes, possible virus infection.
FR> This comes up in windows 95 regularly. I did another scan but nothing.
FR> When this message comes up, my computer switches to
FR> MS-DOS Compatibility mode, and All drives use Ms-Dos mode.
FR> Why does this happen ?
FR> Please help

It happens because you quite possibly have an infected machine. Use a clean, write-protected DOS boot floppy, and boot from that. Then, use a good quality AV program like F-Prot, TBAV, or even McAfee and scan your system.

Many viruses can avoid detection if they have become active through booting from an infected hard drive. That's why you need to boot from a floppy known to be clean, and write-protected to avoid accidents, before scanning.

Rick

--- MsgedSQ 3.30
 * Origin: The Warlock's Cave (1:163/215.39)