VIRDET is a program which was created at 3 a.m. after my Novell network was
attacked by a Jerusalem-B virus. By some inspection of infected files and
experimentation, I found that the presence of the virus left a signature in
RAM. The program VIRDET detects the signature and returns with an Errorlevel
of 1, if it finds it otherwise with 0.

I replaced all occurences of LOGIN.EXE with LOGIN.BAT which runs VIRDET and
will continue to run the normal login file, renamed to ~LOGIN.EXE, only if
no virus is found.

I have included the source so that you can be sure the program has not been
doctored. You might use DEBUG to unassemble the .COM as a quick check that
all is well.

I found this very useful during the period of disinfection particularly to
avoid the supervisor getting on from a machine with an infected NET3 or IPX
file.

Note this program will not detect the virus, if it is loaded above 512K. So
if you have users who use memory managers to get NET3 or IPX above 640K this
will not work.

Richard Turnock
73417,156