Some Common PC-DOS Viruses and What They Mean To You
The Joshi virus is another boot-sector infector, similar to
the Stoned.
It also infects diskette boot sectors and hard disk master
boot sectors.
It appeared only recently in the U.S., but has quickly
become one of the most commonly-appearing viruses;
this seems to be due to lucky (from the virus' point of
view) accidents, rather than to any special properties of
the virus.
On January 5th of any year, infected machines will periodically
halt with the message

    Type "Happy Birthday Joshi" !

Typing "Happy Birthday Joshi" will unlock the system.
In terms of spread characteristics, the Joshi virus is
very similar to the Stoned.
When a machine is booted from an infected diskette or hard disk,
the virus loads into memory, and any diskettes used in
the A: or B: drives, as well as the first two physical
hard disks, may become infected thereafter.
The Joshi virus is somewhat larger and more complex, but
all the spread scenarios given for the Stoned apply.
Because the Joshi is larger and more complex, Joshi-infected systems
are somewhat more likely to malfunction than
systems infected with the Stoned.
Under some circumstances, systems infected with the Joshi virus
will be unable to correctly access the diskette drives, for instance.
As with the Stoned, Joshi-infected systems will have somewhat
less total memory than they should, but the typical user will
not notice this.
As always, the most reliable symptom is an alert from an
anti-virus program, and checking for viruses is a good first
step when dealing with any unprotected system that is acting strangely.
The Joshi is a somewhat newer virus than the 1813 or the Stoned,
and some anti-virus programs may not be able to detect it or
protect against it.
It is also slightly harder to detect than the Stoned virus,
because if the virus is active in memory, it will intercept
attempts to read the infected boot sector, and "lie" to
the calling program by passing back an image of the system's
original uninfected boot sector.
It will also remain in memory even if the system is
booted by pressing the control-alt-delete key sequence
(it does not, of course, remain in memory if the
power is turned off!).
The virus is, however, easily detected in memory, so
an up-to-date anti-virus program should have no difficulty
detecting it.
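
Because the active virus hands back the original boot sector on a read, a copy of the sector saved on the running system can look clean while the disk itself is not. The Python sketch below is an added illustration, not part of the original document: it compares two saved copies of the same sector, one read on the running system and one read after a power-off boot from a trusted diskette. The sample bytes are constructed stand-ins and do not reflect the actual contents of the Joshi virus.

```python
import hashlib

SECTOR_SIZE = 512
PTABLE = slice(446, 510)   # partition table area of a master boot sector
BOOT_SIG = b"\x55\xaa"     # boot signature in the last two bytes

def diff_ranges(a, b):
    """Inclusive (start, end) byte ranges where two equal-length buffers differ."""
    ranges, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            ranges.append((start, i - 1))
            start = None
    if start is not None:
        ranges.append((start, len(a) - 1))
    return ranges

def cross_view(live, clean_boot):
    """Compare the sector as read on the running system with the same sector
    read after a power-off boot from a trusted, write-protected diskette."""
    if len(live) != SECTOR_SIZE or len(clean_boot) != SECTOR_SIZE:
        raise ValueError("each view must be exactly one 512-byte sector")
    return {
        "live_sha256": hashlib.sha256(live).hexdigest(),
        "clean_sha256": hashlib.sha256(clean_boot).hexdigest(),
        # A mismatch means the running system did not return what is on disk
        # (or the sector was rewritten between the two reads).
        "views_differ": live != clean_boot,
        "changed_ranges": diff_ranges(live, clean_boot),
        "partition_table_differs": live[PTABLE] != clean_boot[PTABLE],
        "clean_view_has_boot_signature": clean_boot[510:] == BOOT_SIG,
    }

def sample_views():
    """Constructed data: 'live' is the original-looking sector a stealth virus
    would hand back; 'clean_boot' is what is actually stored on the disk."""
    original = bytearray(SECTOR_SIZE)
    original[0:4] = b"\xfa\x33\xc0\x8e"      # stand-in for normal boot code
    original[446] = 0x80                     # one active partition entry
    original[510:] = BOOT_SIG
    on_disk = bytearray(original)
    on_disk[0:64] = bytes(range(64))         # stand-in for replaced boot code
    return bytes(original), bytes(on_disk)

if __name__ == "__main__":
    for key, value in cross_view(*sample_views()).items():
        print(f"{key}: {value}")
```

When the two views differ, the clean-boot copy is the one to trust, since it was read with nothing resident in memory to filter the request.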
Removing the Joshi virus is very much like removing the Stoned;
diskettes should be SYSed or FORMATed, and hard disks need to have
their master boot sectors restored (both in a machine in which
the virus is not currently active in memory).