Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!wuarchive!gem.mps.ohio-state.edu!ginosko!uakari.primate.wisc.edu!polyslo!vlsi3b15!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: portal!cup.portal.com!Alan_J_Roberts@SUN.COM
Newsgroups: comp.virus
Subject: New PC Virus (AIDS Virus)
Message-ID: <0009.8910031107.AA02205@ge.sei.cmu.edu>
Date: 3 Oct 89 04:45:03 GMT
Sender: Virus Discussion List 
Lines: 18
Approved: krvw@sei.cmu.edu


    A new PC virus was submitted to the CVIA from Keith Peterson (who
maintains the SIMTEL20 MSDOS archives).  This virus replicates in COM files
and has the unusual capability of infecting generic COM files internally -
without changing the real size of the file (unlike the zero-bug virus which
maintains an "apparent" constant infected file size).  Small COM files are
infected externally, and the files sizes, for all files under 10K, changes to
13952 bytes - another unusual characteristic.  The virus displays a full
screen graphic with the the word "AIDS" occupying the bottom half of the
screen.  The top half contains a long rambling message from the author
informing the user of how stupid he has been for using public domain
software.
    SCANV40 has been updated to identify the virus.  It is not yet known
how destructive the virus may be (all tests have been done with a disabled
hard disk).  More info forthcoming.  ViruScan identifies the virus as the
AIDS Virus.  Thanks to Keith Peterson for his quick identification of
the virus and for his timely response.
Alan