************************************************************************** An Introspective Study of Seth Kerker Virus ************************************************************************** The Seth Kerker virus attaches itself to the bit blocks of your PC's internal alarm clock, kept alive by the battery cell. A friend of mine at MIT had his entire OS/2 system infected by it, and the virus scanner does little. Here's why: The virus becomes "alive" during the blitter/interrupt update sequence of the clock. Most memory-management virai can be traced because they remain in memory. The Seth Kerker virus actually deletes itself and re-establishes its bytes in random locations of your bootblocks, searching first under C: drives, then B:, and finally A:. My friend at MIT had both disks in his internal drives, as well as his hard drive, infected. We're leaning toward accepting that the virus spreads instantaneously. When we ran our virus checker and discovered it, the virus program no longer load. Quite possibly the virus KNOWS when it is being detected, and injects itself in the virus checker's memory, as well as writes itrself onto it's destination path, crippling the virus checker permanantly. The good news: (if there is any) The virus doesn't seem to do any viable damage. It basically lingers, but what represents the danger is that virai like this are becoming internationally widespread, and sooner or later one of them WILL become dangerous. The only way of removing it is to re-install the batteries of your clock and re-format the hard drive, setting protection bits to 1 instead of 0, as the virus is so small the internal digital scanner reads its block as a 0. The virus is still in its crucial stages... I am constantly monitoring it, and have given it the name Seth Kerker only because that's the student at MIT whose computer contained it. I'll give further updates as soon as I can. Feel free to ask me any questions. - Tajmol Habil **************************************************************************