♫ It was ten years ago today, Monkey.B taught the Wolf to play. We've been going in and out of style. But we're guaranteed to raise a smile... ♫
Ten years ago, my company's -- and our client's -- computers were infected with the Monkey.B virus. I suppose you could say it was my first incident response experience. It took us a little over three weeks to clean the mess up. The incident sparked in me the desire to a) learn as much as I could about malware; b) learn as much as I could about computer security; and c) never again let this happen to a client. From that day on, I have considered security a functional requirement of every project. It was a tough lesson.
But, it set me on the right path, so thank you Sgt. Pepper.
A couple tokens from the situation ...
From: wolfgang a goerlich <firstname.lastname@example.org>
Subject: Unknown boot virus (PC)
I'm at my wits' end with this one. On accessing the a: drive, characters of both the file names and the files themselves are randomly replaced. I run McAfee, and it reported no virus activity. I then replaced the floppy, yet the corruption of files continued. I was also having problems with Win95, so I attempted to reinstall it from the CD-ROM. However, it got past the initial hardware scan, then reported a boot virus and locked up. So I borrowed a copy of Dr Solomons, but it also reported no viruses. Finally, in desperation, I reformatted the drive. Only now, the format command reports there is a virus, and quits. Also, the same floppy drive corruption continues. Anyone have any ideas of what I could try next? I even replaced the hard drive, but my other one was also infected.
I'm completely baffled.
From: Wolfgang A Goerlich <email@example.com>
Subject: Unknown Boot Virus - Last Words (PC)
> I'm not sure as to what your a: drive is doing, but as for your boot
> sector "virus", go and turn off boot sector virus checking in your BIOS.
> That will solve your hard drive problems anyway...
Thank you. It turned out that we did have an undetectable boot virus (which we removed using F-Prot). However, the BIOS virus checking was still giving us errors. After reading this, we turned it off and everything has been running smoothly since.