- Path: sparky!uunet!charon.amdahl.com!pacbell.com!sgiblab!zaphod.mps.ohio-state.edu!caen!umeecs!hela.iti.org!cs.widener.edu!dsinc!netnews.upenn.edu!netnews.cc.lehigh.edu!news
- From: bontchev@fbihh.informatik.uni-hamburg.de (Vesselin Bontchev)
- Newsgroups: comp.virus
- Subject: Re: Michelangelo (PC)
- Message-ID: <0008.9211171913.AA17490@barnabas.cert.org>
- Date: 16 Nov 92 15:09:25 GMT
- Sender: virus-l@lehigh.edu
- Lines: 24
- Approved: news@netnews.cc.lehigh.edu
-
- mcafee@netcom.com (McAfee Associates) writes:
-
- > The Michelangelo virus is spread by booting from an infected floppy
- > diskette. When the infected floppy is booted from, the virus code is
- > loaded and executed by the computer. The virus is now installed in
- > memory and will monitor the system for disk accesses. When a disk
- > access occurs, the virus checks the disk to see if it's infected, and
- > if not, infects the disk (network drives, Stacker compressed volumes,
- > and other media which are accessed through a device driver are not
-
- Not quite exact. The virus tries to infect the hard disk only at boot
- time, i.e., when you are trying to boot from an infected diskette. If
- the virus is being booted from the hard disk, or if it is already
- resident, it doesn't try to infect the hard disk any more. Thus, it
- can be disinfected from the hard disk even if it is active in memory,
- although this is not generally recommended.
-
- Regards,
- Vesselin
- - --
- Vesselin Vladimirov Bontchev Virus Test Center, University of Hamburg
- Tel.:+49-40-54715-224, Fax: +49-40-54715-226 Fachbereich Informatik - AGN
- < PGP 2.0 public key available on request. > Vogt-Koelln-Strasse 30, rm. 107 C
- e-mail: bontchev@fbihh.informatik.uni-hamburg.de D-2000 Hamburg 54, Germany
-