textfiles/virus/NCSA/ncsa096.txt

                    <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ
                    <20>        VIRUS REPORT         <20>
                    <20>      New Zealand Virus      <20>
                    <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>

Synonyms:  Stoned Virus, Australian Virus, Hawaii, Marijuana, San Diego
virus, Smithsonian virus.

Date of Origin: early 1988.

Place of Origin: Wellington, New Zealand.

Host Machine: PC compatibles.

Host Files: Remains resident. Infects boot sector of 360K floppy disk.

OnScreen Symptoms: The screen will sometimes display "Your PC is now
stoned!"

Increase in Size of Infected Files: n/a.

Nature of Damage: Affects system run-time operation. Corrupts or
overwrites boot sector. Directly or indirectly corrupts file linkage.

Detected by: Scanv56+, CleanUp, F-Prot, IBM Scan, Pro-Scan.

Removed by: CleanUp, MDisk, F-Prot.

Scan Code: 1E 50 80 FC 02 72 17 80 FC 04 73 12 0A D2 75 0E 33 C0 8E D8 A0
3F 04 A8 01 75 03 E8 07 00. You can also search at offset 045H for B8 01
02 0E 07 BB 00 02 B9 01.

History: This virus was first reported in Wellington, New Zealand in
early 1988.

Description of Operation: This virus consists of a boot sector only.  It
infects any disk inserted in a drive after it becomes activated during a
boot, and it occupies 1K of memory.  The original boot sector is held in
track zero, head one, sector three on a floppy disk, and track zero, head
zero, sector two on a hard disk.  The boot sector contains two character
strings: "Your PC is now Stoned!" and "LEGALISE MARIJUANA!". The first
of these messages is only displayed one in eight times when booting from
an infected floppy, the second is unreferenced.  In some variations, the
message is displayed on every 32nd boot.

     In the original version of this virus, only 360 KB 5 1/4" floppies
were infected.  While the original version was unable to infect a hard
disk, other versions (such as New Zealand B) are capable of doing so.

     The virus can (unintentionally) trash 1.2 Mb floppies if they have
more than 32 files, and trashes about 5% of hard disks.<Note: Dr. Alan
Solomon. "The Information Center - PC Security", 1989.>

Removal: The Stoned virus can be removed from 360KB diskettes by using
either the MDisk, CleanUp, or F-Prot programs. It can also be removed
from diskettes by using the DOS SYS command. Be sure to power down your
system and reboot from a clean, write-protected floppy prior to
attempting disinfection.


<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͻ
<EFBFBD>  This document was adapted from the book "Computer Viruses",       <20>
<EFBFBD>  which is copyright and distributed by the National Computer       <20>
<EFBFBD>  Security Association. It contains information compiled from       <20>
<EFBFBD>  many sources. To the best of our knowledge, all information       <20>
<EFBFBD>  presented here is accurate.                                       <20>
<EFBFBD>                                                                    <20>
<EFBFBD>  Please send any updates or corrections to the NCSA, Suite 309,    <20>
<EFBFBD>  4401-A Connecticut Ave NW, Washington, DC 20008. Or call our BBS  <20>
<EFBFBD>  and upload the information: (202) 364-1304. Or call us voice at   <20>
<EFBFBD>  (202) 364-8252. This version was produced May 22, 1990.           <20>
<EFBFBD>                                                                    <20>
<EFBFBD>  The NCSA is a non-profit organization dedicated to improving      <20>
<EFBFBD>  computer security. Membership in the association is just $45 per  <20>
<EFBFBD>  year. Copies of the book "Computer Viruses", which provides       <20>
<EFBFBD>  detailed information on over 145 viruses, can be obtained from    <20>
<EFBFBD>  the NCSA. Member price: $44; non-member price: $55.               <20>
<EFBFBD>                                                                    <20>
<EFBFBD>            The document is copyright (c) 1990 NCSA.                <20>
<EFBFBD>                                                                    <20>
<EFBFBD>  This document may be distributed in any format, providing         <20>
<EFBFBD>  this message is not removed or altered.                           <20>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͼ

Downloaded From P-80 International Information Systems 304-744-2253