Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!ucbvax!WSMR-SIMTEL20.ARMY.MIL!w8sdz
From: w8sdz@WSMR-SIMTEL20.ARMY.MIL (Keith Petersen)
Newsgroups: comp.binaries.ibm.pc.d
Subject: New PC Virus (AIDS Virus)
Message-ID: 
Date: 3 Oct 89 05:32:00 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Lines: 32

The VGA2CGA program was indeed infected with a virus.  Here are the
preliminary results.

Again I wish to stress that this program was NOT in the SIMTEL20
archives.  It was downloaded from a BBS in California by a Detroit
area BBS user.

--Keith

---forwarded message---
Date: Monday, 2 October 1989  22:45-MDT
From: portal!cup.portal.com!Alan_J_Roberts%SUN.COM at pucc.PRINCETON.EDU
To:   Virus Alert List 
Re:   New PC Virus (AIDS Virus)

	A new PC virus was submitted to the CVIA from Keith Peterson (who
maintains the SIMTEL20 MSDOS archives).  This virus replicates in COM files
and has the unusual capability of infecting generic COM files internally -
without changing the real size of the file (unlike the zero-bug virus which
maintains an "apparent" constant infected file size).  Small COM files are
infected externally, and the files sizes, for all files under 10K, changes to
13952 bytes - another unusual characteristic.  The virus displays a full
screen graphic with the the word "AIDS" occupying the bottom half of the
screen.  The top half contains a long rambling message from the author
informing the user of how stupid he has been for using public domain
software.
	SCANV40 has been updated to identify the virus.  It is not yet known
how destructive the virus may be (all tests have been done with a disabled
hard disk).  More info forthcoming.  ViruScan identifies the virus as the
AIDS Virus.  Thanks to Keith Peterson for his quick identification of
the virus and for his timely response.
Alan