Re: funky virii

Grant Sparks (
Mon, 1 Jun 1998 11:19:19 +1000

On an IBM compatible type of PC (i386, i486 Pentium etc etc) running Windows
(any version) or DOS (any version) there is no way to infect it with a virus
just by 'putting it in the drive' without any other action.

You need to execute a virus in order for it to infect your computer. Just
putting a disk into a drive on a normal PC will not cause any data on the
disk to be executed. You need to boot from it or execute it or almost
anything else - but simply putting it into a drive can't hurt anyone.

Or have a look at the Nashsoft Anti Virus Research Center and tell me which
type of virus you believe you have so I can find out more about this
extraordinary feat.

If you find that putting it into your drive causes a warning message from
your anti-virus software to appear then clearly your anti-virus software is
running in background and noticed the hardware notify the system of a
disk-change and decided to do a bit of pre-emptive scanning of it's own.

Grant Sparks

-----Original Message-----
From: Michael Lorrey <>
To: <>
Date: Monday, 1 June 1998 10:26
Subject: funky virii

>Alejandro Dubrovsky wrote:
>> this does not mean that the virus would be activated just by sticking it
>> into the floppy drive. The virus protection software you are running is
>> running all the time i guess (background in windows, and as a TSR in
>> and when you stick the disk in the drive and the boot sector is read, the
>> virus protection detects the virus in the disk.
>No the software is set only to detect write attempts to the hard drive.
Sticking this
>floppy in the slot is all it takes for this virus to make a write attempt
to the boot
>sector of the hard drive.
>> The virus does not need to run for the virus protection software to
>> it (in fact, if it runs, it's too late). Try the experiment. grab an
>> hard drive you don't need, stick the disk in the floppy, take it out, and
>> then check if the virus is in the hard drive. I bet you 99-1 that it is
>> not.
>It does. Believe me, I was rather intrigued about this, and I and my sister
(who was
>sys admin at Sturm Ruger and is now sys admin at a local hospital) ran a
series of
>tests on this point, trying to see what the minimum effort was to get this
virus to
>make an attack. I just wish I had some means of getting this virus in a
state where I
>could take a look at the code.
>> i think that the stealth virus you've got is a boot sector virus, but
>> AFAIK, not all stealth virii are, by definition, boot sector virii.
>Yeah, the main reason I thought that it was was because it made a write
attempt to the
>boot sector of my hard drive, and the antivirus software database said that
virii of
>the Stealth C family are boot sector virii.
> Michael Lorrey
> Inventor of the Lorrey Drive
>MikeySoft: Graphic Design/Animation/Publishing/Engineering
>How many fnords did you see before breakfast today?