what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

a-28.ciac-stoned-virus

a-28.ciac-stoned-virus
Posted Sep 23, 1999

a-28.ciac-stoned-virus

tags | virus
SHA-256 | 97f713fc7d17e96cc4b8991da448eca46811bb5aaf2589c30ef7463f05ac1b33

a-28.ciac-stoned-virus

Change Mirror Download

________________________________________________________________________
THE COMPUTER INCIDENT ADVISORY CAPABILITY

CIAC

INFORMATION BULLETIN
________________________________________________________________________

The Stoned (Marijuana or New Zealand) Virus on MS DOS Computers


July 12, 1990, 1200 PST Number A-28
________________________________________________________________________

Name: Stoned virus (also known as the Marijuana or New Zealand virus)
Types: At least four known variants
Platform: MS DOS computers
Damage: Not deliberately destructive--however, this virus overwrites
some of boot sector/master boot record on infected disks (see text)
Symptoms: May write "Your computer is now stoned. Legalize marijuana"
or similar message on screen (one variant has this message removed);
may create hard disk errors or the inability to boot
Detection: VIRALERT, VIRHUNT, RESSCAN, CodeSafe, F-PROT, IBM Scan
Eradication: VIRHUNT, RESSCAN, CodeSafe, CleanUp, F-PROT and others
(contact CIAC for information about these products)

Critical Stoned Virus Facts
_______________________________________________________________________


The Stoned (Marijuana or New Zealand) virus is now one of the most
common viruses among MS-DOS systems. The Stoned virus infects the boot
sector/master boot record of floppy and hard disks. Once resident in
memory, this virus may display a message similar to the following:

Your computer is now stoned. Legalize marijuana.

Although the Stoned virus apparently was not programmed to do damage,
this virus can nevertheless damage a system. The Stoned virus may
overwrite parts of infected disks that contain directory information or
portions of user data files, specifically the boot sector of floppy
disks along with Head 0, Track 0, Sector 3 on a diskette or the master
boot record and Head 0, Track 0, Sector 7 on hard disks. If hard disks
have last been partitioned under DOS 2, this virus overwrites portions
of the File Allocation Table (FAT) as well. The result is overwriting
of data files and indications of disk errors by CHKDSK. Variants of
the Stoned virus produce slightly different effects:

Stoned-B: infection of the hard disk's partition table,
Stoned-C: no displayed message
Stoned-D: infection of high density diskettes

You can detect the Stoned virus with a variety of scan packages such as
VIRALERT, VIRHUNT, RESSCAN, CodeSafe, F-PROT, IBM Scan. You can
eradicate this virus by using packages such as VIRHUNT, RESSCAN,
CodeSafe, CleanUp, F-PROT. If you cannot obtain a virus removal
utility, we suggest you back up your applications and data from your
hard disk, and then low-level format the disk to ensure that the master
boot record is removed. Boot from a clean, writeprotected operating
system disk, restore your system, and then restore the application and
data files.

After you have cleaned your system, either with an eradication product
or by formating the drive, scan again using a virus detection utility
to ensure that the virus is not present. To ensure that your system
does not immediately become re-infected, be sure to scan all of floppy
disks for the virus as well. To clean floppies you may use one of the
suggested products, or you may format new floppies on a clean system,
then use the "copy" command to copy files from the infected floppies to
the clean ones. Format the infected floppies to reuse them.

The Stoned virus typically spreads wherever floppy disks are shared.
Infections can be easily prevented by adopting sound protection
procedures. The Stoned virus infects hard disks when a PC is booted
from an infected floppy. This virus does not infect applications,
however. If you must boot from a floppy disk, ensure with a virus scan
package that this disk is not infected, and write-protect this disk.
This will prevent your boot disk from becoming infected. (Warning:
under some circumstances the Stoned-infected floppy disk can infect a
machine even if the computer does not have a bootable operating system
on it.)

Additional Note: Basic information about the Stoned virus has been
available through the CIAC Bulletin Board (FELIX) and CIAC Bulletin
A-15 since the beginning of this year.

For additional information or assistance, please contact CIAC:

David S. Brown
(415) 423-9878 or (FTS) 543-9878
FAX: (415) 423-0913, (FTS) 543-0913 or (415) 422-4294

Send e-mail to:

ciac@tiger.llnl.gov

The assistance of Ken Van Wyk and Dave Chess is gratefully
acknowledged. Neither the United States Government nor the University
of California nor any of their employees, makes any warranty,
expressed or implied, or assumes any legal liability or responsibility
for the accuracy, completeness, or usefulness of any information,
product, or process disclosed, or represents that its use would not
infringe privately owned rights. Reference herein to any specific
commercial products, process, or service by trade name, trademark
manufacturer, or otherwise, does not necessarily constitute or imply
its endorsement, recommendation, or favoring by the United States
Government or the University of California. The views and opinions of
authors expressed herein do not necessarily state or reflect those of
the United States Government nor the University of California, and
shall not be used for advertising or product endorsement purposes.

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close