Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!gem.mps.ohio-state.edu!ginosko!uakari.primate.wisc.edu!polyslo!vlsi3b15!vax1.cc.lehigh.edu!sei.cmu.edu!krvw From: David.M..Chess.CHESS@YKTVMV Newsgroups: comp.virus Subject: re: IBM Virus (from EXPERT-L list) (PC) Message-ID: <0003.8909271119.AA09775@ge.sei.cmu.edu> Date: 26 Sep 89 00:00:00 GMT Sender: Virus Discussion ListLines: 9 Approved: krvw@sei.cmu.edu Sounds basically like the Jerusalem Virus; in particular, the little signature string given occurs in the JV. Not sure why they aren't seeing files change in size when they're infected. Perhaps the fact that a file gets infected when it executes (rather than when the original infected file executes) is causing confusion. The multiple infections that they're seeing (and attributing to disk fragmentation) are also characteristic of the JV. Or, of course, it could be some Brand New nasty... DC