home *** CD-ROM | disk | FTP | other *** search
-
- *********************************************
- *** Reports collected and collated by ***
- *** PC-Virus Index ***
- *** with full acknowledgements ***
- *** to the authors ***
- *********************************************
-
-
- Date: Fri, 26 Apr 91 15:23:33 -0400
- From: padgett%tccslr.dnet@uvs1.orl.mmc.com (A. Padgett Peterson)
- Subject: AIRCOP alert (PC)
-
- Recently, one of our users brought a laptop in for screening. The
- AIRCOP boot sector infector was found on two of the 3 1/2 utility
- disks furnished with the machine & we have reason to believe that
- the virus was on the disk prior to the utility files.
-
- The disks are professionally labeled MS-DOS V4.01 utility/diag
- printed by CAF Computer Corp. under license from MircroSoft Corp.
-
- The virus appears to conform to published reports and contains the
- "RED STATE" message in encrypted form. The virus also appears to
- expect 360k floppies since the location the original boot sector is
- stored in would be in the middle of any larger capacity disk.
-
- Since the disk conforms to most Microsoft boot sector
- specifications, automatic routines may not pick it up however SCAN
- v66 and later will detect it as should any routine looking for
- memory size information manipulation.
-
- The virus when active does not employ any stealth and will take 1k
- bytes from the top of memory. Infected disks may be identified by
- the lack of the normal error messages in the boot sector except for
- the ASCII "NON-SYSTEM" found at the end of the boot sector just
- prior to the MS signature.
-
-
- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- ++++++++++++++++++++++++++ end of reports ++++++++++++++++++++++++
- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- �
