Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!wuarchive!gem.mps.ohio-state.edu!ginosko!uakari.primate.wisc.edu!polyslo!vlsi3b15!vax1.cc.lehigh.edu!sei.cmu.edu!krvw From: portal!cup.portal.com!Alan_J_Roberts@SUN.COM Newsgroups: comp.virus Subject: New PC Virus (AIDS Virus) Message-ID: <0009.8910031107.AA02205@ge.sei.cmu.edu> Date: 3 Oct 89 04:45:03 GMT Sender: Virus Discussion ListLines: 18 Approved: krvw@sei.cmu.edu A new PC virus was submitted to the CVIA from Keith Peterson (who maintains the SIMTEL20 MSDOS archives). This virus replicates in COM files and has the unusual capability of infecting generic COM files internally - without changing the real size of the file (unlike the zero-bug virus which maintains an "apparent" constant infected file size). Small COM files are infected externally, and the files sizes, for all files under 10K, changes to 13952 bytes - another unusual characteristic. The virus displays a full screen graphic with the the word "AIDS" occupying the bottom half of the screen. The top half contains a long rambling message from the author informing the user of how stupid he has been for using public domain software. SCANV40 has been updated to identify the virus. It is not yet known how destructive the virus may be (all tests have been done with a disabled hard disk). More info forthcoming. ViruScan identifies the virus as the AIDS Virus. Thanks to Keith Peterson for his quick identification of the virus and for his timely response. Alan