Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!ucbvax!WSMR-SIMTEL20.ARMY.MIL!w8sdz From: w8sdz@WSMR-SIMTEL20.ARMY.MIL (Keith Petersen) Newsgroups: comp.binaries.ibm.pc.d Subject: New PC Virus (AIDS Virus) Message-ID:Date: 3 Oct 89 05:32:00 GMT Sender: daemon@ucbvax.BERKELEY.EDU Lines: 32 The VGA2CGA program was indeed infected with a virus. Here are the preliminary results. Again I wish to stress that this program was NOT in the SIMTEL20 archives. It was downloaded from a BBS in California by a Detroit area BBS user. --Keith ---forwarded message--- Date: Monday, 2 October 1989 22:45-MDT From: portal!cup.portal.com!Alan_J_Roberts%SUN.COM at pucc.PRINCETON.EDU To: Virus Alert List Re: New PC Virus (AIDS Virus) A new PC virus was submitted to the CVIA from Keith Peterson (who maintains the SIMTEL20 MSDOS archives). This virus replicates in COM files and has the unusual capability of infecting generic COM files internally - without changing the real size of the file (unlike the zero-bug virus which maintains an "apparent" constant infected file size). Small COM files are infected externally, and the files sizes, for all files under 10K, changes to 13952 bytes - another unusual characteristic. The virus displays a full screen graphic with the the word "AIDS" occupying the bottom half of the screen. The top half contains a long rambling message from the author informing the user of how stupid he has been for using public domain software. SCANV40 has been updated to identify the virus. It is not yet known how destructive the virus may be (all tests have been done with a disabled hard disk). More info forthcoming. ViruScan identifies the virus as the AIDS Virus. Thanks to Keith Peterson for his quick identification of the virus and for his timely response. Alan