VIRUS-L Digest Monday, 4 Feb 1991 Volume 4 : Issue 21 ****************************************************************************** Today's Topics: VIRUS-L index monthly update for Jan 1991 VIRUS-L is a moderated, digested mail forum for discussing computer virus issues; comp.virus is a non-digested Usenet counterpart. Discussions are not limited to any one hardware/software platform - diversity is welcomed. Contributions should be relevant, concise, polite, etc. Please sign submissions with your real name. Send contributions to VIRUS-L@IBM1.CC.LEHIGH.EDU (that's equivalent to VIRUS-L at LEHIIBM1 for you BITNET folks). Information on accessing anti-virus, documentation, and back-issue archives is distributed periodically on the list. Administrative mail (comments, suggestions, and so forth) should be sent to me at: krvw@CERT.SEI.CMU.EDU. Ken van Wyk --------------------------------------------------------------------------- Date: Fri, 01 Feb 91 15:21:00 +0000 From: Anthony Appleyard Subject: VIRUS-L index monthly update for Jan 1991 [Ed. This is a first attempt at a monthly VIRUS-L index (comp.virus readers can refer to the digest archives on cert.sei.cmu.edu). Thanks to Anthony Appleyard! Comments and suggestions are welcomed - please refer them to myself (krvw@cert.sei.cmu.edu) and/or Mr. Appleyard.] ====================================================================== Subject: Virus-L index of volume 4 up to issue #014 (PC part 1) ====================================================================== If the 'Subject:' description has been lengthened hereinunder for clarity, its original part as in Virus-L is in [square brackets]. ...................................................................... SUBJECT ISSUE ...................................................................... I want a [Virus Vaccine (PC)]. (Virex distributors didn't answer) 004 [re: Virus Vaccine (PC)] use e.g. McAfee's SCAN 005 I want an [Auto-scanning Virus Vaccine? (PC)] Is McAfee's SCAN such? 006 [F-DRIVER boot check (PC)] does not check drive A, but it checks memory 007 [Info on resident virus scanner. (PC)] use McAfee's SCAN, which see 007 [Re:Auto-scanning Virus Vaccine? (PC)] use Vi-Spy from RG Software 009 [Hard Disk Protection (PC)] re automatic scanners like Mac SAM II 009 [Re: SCAN program for IBM's (PC)] re PC virus scanners 010 [Re: SCAN program for IBM's (PC)] Fastback senses when floppy inserted 010 [PD Virus programmes (PC)] I want a public domain PC antiviral 014 [Antiviral product contact list (PC mostly)] (343 lines long) 016 ...................................................................... [Re: Virus Protection (PC)]I want FPROT to check drive A for boot virus 001 [FPROT review (PC)] (long) 002 [Re: Virus Protection (PC)] FPROT's author's reply to criticisms 005 [Plans regarding F-PROT (PC)] re coming versions 1.14 & 2.0 012 [F-PROT 1.14 (PC)] more viruses that it detects; some bugs cured 013 [Problem with F-Prot 1.14 (PC)] it won't protect many files 015 [Problems installing F-PROT 1.14 (PC)] it refused to protect WP.EXE 017 [Word Perfect and change checkers (PC?)] Word Perfect won't let you 017 [Re: Problem with F-Prot 1.14 (PC)] caused by a funny re file lengths 017 [Possible bug in FPROT 1.14? (PC)] it refused to remove Sunday virus 017 ...................................................................... [Anyone seen Norton's Antivirus? (PC)] or know anything about it? 014 [Re: Norton Antivirus (PC)] misses a lot of viruses 015 [Re: Norton Antivirus (PC)] suspicion of slowness supplying updates 015 ...................................................................... for where to get them> what is [Mcaffee Associates]'s email address? 014 [Review of SCAN (PC)] (190 lines long) 016 [Re: Review of SCAN (PC)] put prog in boot sector to look for change 017 ...................................................................... (by McAfee) what is [Latest version of McAfee's vcopy program? (PC)]Where to get it?004 ...................................................................... [Re: Virus Vaccine (PC)] how to contact the Virex people 005 [VM, MS-DOS and Virex (PC, I *think*)] Virex's writer's contact address 007 [Virex Address (PC)]Microcom Software Division,3700-B Lyckan Parkway,Durham NC 27717, USA. Tel.1-919-490-1277, in Europe call 44 483 740763 008 [Re: Virex Address (PC)]'s number 1-800-555-1212; re a new release 009 [Re: Disinfectant vs. Virex (Mac)] re Virex from its author 013 ...................................................................... ====================================================================== Subject: Virus-L index of volume 4 up to issue #014 (PC part 2) ====================================================================== If the 'Subject:' description has been lengthened hereinunder for clarity, its original part as in Virus-L is in [square brackets]. ...................................................................... SUBJECT ISSUE ...................................................................... [New virus (PC)] description 001 ...................................................................... (see also ) I want info re [4096 virus (PC)] 011 ...................................................................... -- (alias ) I [Need help with (c) Brain]: How does it work? How does SCAN find it? 004 [(c) BRAIN id and disinfection (PC)] "Non-bootable" disks have boot sectors that say "This disk is not bootable". How to detect Brain 007 ...................................................................... (alias 1701 and 1704) [discovering 170x infection path (PC)] how it infects 007 ...................................................................... a power surge wiped out my [CMOS devuce settings] (devuce=device) descr 004 ...................................................................... -- (alias ) [Text in MLTI virus (PC)] origin of name 'Eddie' 014 [Re: Text in MLTI virus (PC)] seems to be in Russian; discussion 015 [Re: Text in MLTI Virus (PC)] "Eddie die somewhere in time" is in book 'Slaughterhouse 5' by Kurt Vonnegut Jr, where hero is unstuck in time 017 ...................................................................... ) [Fish Virus Activation (PC)] starts in year 1991; short description 006 ...................................................................... (alias 1813 virus) [Jerusalem Virus (PC)] at Clarkson Univ(USA), CLEAN won't remove it 011 ...................................................................... I want info re [Joshi & Stoned 2 (PC)] 007 [Stoned and Joshi (PC)] misc re Joshi & re having both Joshi & Stoned 009 [Joshi & Stoned II (PC)] re having (& curing manually) both at once 009 [Johsi / Stoned2 (PC)] ditto 010 [re: Johsi / Stoned2 (PC)] infect only by booting from infected floppy 011 [AU Virus Alert (PC)] Joshi at Athabasca Univ in Canada 012 [International Virus Infections (PC)] Joshi in cruise liner's system 013 ...................................................................... [International Virus Infections (PC)] Keypress in cruise liner's system 013 ...................................................................... [Plastique - 2900 virus report (PC)] long description. Overwrites disks 014 ...................................................................... [QEMM Virus? (PC)] on QEMM386 V5.1 diskette from Quarterdeck in the Optimize.com & install.exe progs. Is it 648 virus? descr of symptoms 005 [Reported QEMM "virus" (PC)] is not 648 virus. Is is a clash between QEMM & disk driver software? 006 [Re: QEMM Virus? (PC)] Not virus, or possibly dormant virus 008 [Re: QEMM Virus? Followup from Quarterdeck (PC) QEMM-386 v5.1 accidentally contains code same as a 648 virus signature. No virus in it 008 [QEMM IS _NOT_ A VIRUS (was Re: QEMM Virus? (PC))] ditto 010 ...................................................................... ["Stoned" Virus (PC)] I reformatted hard drive but still symptoms 004 I want info re [Joshi & Stoned 2 (PC)] 007 how I got rid of [Stoned Virus (PC)] 007 FPROT & SCAN will remove [Stoned (PC)]; first boot from clean source 007 [Stoned in KC, Mo. (PC)] from Computer Resale Center in Kansas City 008 [Re: Stoned Virus (PC)] how to get rid of Stoned virus 008 [Re: Stoned Virus (PC)] re getting CLEAN; etc 009 [Joshi & Stoned II (PC)] re having (& curing manually) both at once 009 [re: Joshi & Stoned 2 (PC)] some scanners report "Stoned" as "Stoned 2"; Joshi & Stoned don't damage disks, but both together may 009 I had Stoned + [Stone-2 (PC)] together in USA 010 [Reoccurence of Stoned on formatted drives (PC)] long descr of events 010 re restoring FAT damaged by [Stoned (PC)] 010 [Johsi / Stoned2 (PC)] re having both at once 010 [re: Stone-2 (PC)] + Stoned together: not so. Same signature in both 011 [re: Reoccurence of Stoned on formatted drives (PC)]:revived dead virus?011 [re: Johsi / Stoned2 (PC)] infect only by booting from infected floppy 011 [STONED and NON-bootable floppies (PC)] 011 [Re: Stoned in KC, Mo. (PC)] from a copy of Ontrack's Disk Manager(long)011 [Re: Stone-2 (PC)] Stones is in USA 012 [Stoned (and other boot viruses) & non-bootable floppies(PC)] all PC 'non-bootable' floppies are actually bootable 012 [Re: Stoned (PC)] what various variants of Stoned overwrite and do 012 [Re: Stonned reoccurence of reformatted hard drive (PC)] 012 we had [Stoned on a Hardcard (PC)] 013 there are 2 major [Stoned variants (PC)], & minor variants of each 013 [Apathy and viral spread (general)] new virus info service called SUZY 013 [Problem with virus checker (PC)] SCAN / phone / Stoned 014 how can I remove [Stoned virus in partition table (PC)]? 014 [Re: Stone-2 (PC)] only so far in Australia & New Zealand 014 [Stoned here (PC)] at Loma Linda University Medical Center (in USA?) 014 [more on STONED (PC)] P.S. & correction to previous message 014 014 [Stoned in partition table (PC)] Stoned can re-infect from memory 015 [Stoned, disk size and drive preference (PC)]; re versions of Stoned 015 ...................................................................... [Zmodem infected with Violator (PC)] DSZ1203.ZIP has Violator variant called Christmas Violator or Violator-B4. Search string 001 ...................................................................... [WP viri and bugs (PC)] probably just a bug 001 [WordPerfect "virus"--summary of responses] Not virus. Bugs and design flaws, and people swopping disks at wrong moment without telling 006 [WP 8 byte bug (PC)] saves & erases a file, instead of renaming it 007 ...................................................................... I want help re [obscure procedure in Yankee Doodle (PC)] code 007 info [Re:obscure procedure in Yankee Doodle (PC)]] re segment A000hex 009 [re: obscure procedure in Yankee Doodle (PC)] --see 009 ...................................................................... I want info re [ZeroHunt Virus (PC)] & any infections by it 001 ...................................................................... I [Need help w/ CMOS problem in PS/2 Model 70 (PC)] funny on disk read 012 [Re: Need help w/ CMOS problem in PS/2 Model 70 (PC)]feature, not virus 013 I may have discovered a [New virus 1586? (PC)]; description 014 [Re: New virus 1586? (PC)] it is <1575> bytes long; reply to previous 015 ...................................................................... [Re: SCAN program for IBM's (PC)] can IBM floppy drive tell when a floppy is inserted? If so, how? 007 [Floppy disk detection (PC)] re previous: some can, some can't 008 [Re: SCAN program for IBM's (PC)] keep checking write protect detector 009 [Re:SCAN program for IBM's (PC)]install TSR to capture Int 13h func 02h 009 [Re: SCAN program for IBM's (PC)] re PC virus scanners 010 [Re: SCAN program for IBM's (PC)] Fastback senses when floppy inserted 010 [Re: SCAN program for IBM's (PC)]re 1st #014 message: won't always work 010 [RETRACTION: Disk Scanning (PC)] re "Drive Change Line" 011 [Auto-scanning Virus Vaccine? (PC)]"changeline"& little prog to scan it 011 [Re: SCAN program for IBM's (PC)] but drive motor must run all the time 011 ...................................................................... [MIBSRV downtime] MIBSRV (130.160.20.80) has had a hard disk crash 001 [MIBSRV back up & new files (PC)] NETSCN72 CLEAN72 VSHLD72 SCANV72 007 [clean72.zip update (PC)] MIBSRV had bad copy of CLEAN72; now corrected 008 ...................................................................... [PVALIDAT.ZIP - Portable VALIDATE using McAfee algorithms (PC)] 005 ...................................................................... [EXE file compression with LZEXE and PKLITE (PC)] should virus scanners look inside PKLITE'd files as well as LZEXE'd files? 001 ...................................................................... [Various thoughts] re stopping unknown boot sector viruses 008 [Anti-Viral Utilities (PC)] implanted in partition table of fixed disk 017 ...................................................................... [VM, MS-DOS and Virex (PC, I *think*)] can PC get infected from VM? 007 are there any PC viruses which are [TSR Attackers? (PC)] 011 [Processor-specific viruses and other subjects (PC)]; translations reqd 013 [Nimbus machines and viruses ? (PC)] Can PC viruses infect Nimbuses? 017 ...................................................................... ====================================================================== Subject: Virus-L index of volume 4 up to issue #014 (Mac part 1) ====================================================================== If the 'Subject:' description has been lengthened hereinunder for clarity, its original part as in Virus-L is in [square brackets]. ...................................................................... SUBJECT ISSUE ...................................................................... I want info re [Mac system 7.0 compatible Anti-Virus programs (Mac)] 009 [Antiviral product contact list (PC mostly)] (343 lines long) 016 ...................................................................... [Query - Disinfectant vs. Virex (Mac)]what differences? which is better?012 [Query - Disinfectant vs. Virex (Mac)] which is better 013 [Re: Query - Disinfectant vs. Virex (Mac)] both are good 014 [Re: Query - Disinfectant vs. Virex (Mac)] ditto 014 [Query - Disinfectant vs. Virex (Mac)] How does SAM 6 compare with them?017 ...................................................................... [Strange Problem Running Disinfectant 2.4! (Mac)] blinking message "insert disk to be ckecked" in top right corner of screen 005 [Strange Problem Running Disinfectant 2.4! (Mac)] Disinfectant can be set up as automatic scanning station. That happened here. How to stop it 006 [Re: Strange Problem Running Disinfectant 2.4! (Mac)] ditto 007 [Updating Disinfectant (Mac)] where can I get the latest update? 017 ...................................................................... ====================================================================== Subject: Virus-L index of volume 4 up to issue #014 (Mac part 2) ====================================================================== If the 'Subject:' description has been lengthened hereinunder for clarity, its original part as in Virus-L is in [square brackets]. ...................................................................... [Mac virii & System 7.0 (Mac)] How will System 7.0 affect viruses? 014 [Re: Mac virii & System 7.0 (Mac)] Not that much 015 ...................................................................... [possible macintosh virus] that 'locks' all floppies to computer 006 [Re: possible macintosh virus (Mac)] MacTools funny. Not virus 009 [Re: possible macintosh virus (Mac)] we've got this virus also 010 [Re: possible macintosh virus (Mac)] misaligned floppy drive? 011 [Re: possible macintosh virus (Mac)] is it 'Virus Blockade II' prog? 012 ...................................................................... [Virus Query (Mac)] I want info & reports re Murphy virus 015 ...................................................................... SAM says that my Mac has [nVIR-like resources... (Mac)] 005 [Re: nVIR-like resources... (Mac)]are a way of vaccinating against nVIR 007 [Re: nVIR-like resources... (Mac)]ditto, but it may make scanners swear 008 ...................................................................... WDEF in [SimWare 3.1 (Mac)] & it gave my Mac WDEF when someone used it 017 ...................................................................... [Virus X?? (Mac)] deletes a file whenever the Mac is restarted 012 ...................................................................... [Possible Mac virus? Problems need an answer. (Mac)]hard disk dir funny 012 ...................................................................... [Grapes virus? (Mac)] icons for Fortran executable files turn into bunches of grapes 005 [Grapes (Mac)]: not virus. Someone messed with ResEdit? Rebuild desktop 006 [Re: Grapes virus? (Mac)] Track it with ResEdit. Clashing prog names? 006 [Re: Grapes virus? (Mac)] re progs with same creator id as FORTRAN apps 010 ...................................................................... [Re: Macvirus index? (Mac)] it is in pub/mac/doc dir on NIC.FUNET.FI 004 is [MacVirusIndex (Mac)] available from archive site in USA? 006 [Re: MacVirusIndex (Mac)]on ICARUS.CNS.SYR.EDU (128.230.1.49) in /virus 008 ...................................................................... ====================================================================== Subject: Virus-L index of volume 4 up to issue #014 (other computers) ====================================================================== If the 'Subject:' description has been lengthened hereinunder for clarity, its original part as in Virus-L is in [square brackets]. ...................................................................... SUBJECT ISSUE ...................................................................... Amiga virus - Reaper? (Amiga) 014 ...................................................................... [Re: Apple //gs Virus (Followup - READ ME FIRST)] Not virus but bug 005 ...................................................................... info wanted re [Apple //gs "Die!" Virus] 005 [Re: Apple //gs "Die!" Virus] after so many boot-ups, wipes hard disk 010 ...................................................................... (and see name of make of computer) [Unix and Mainframe Viruses] only need infect applications that the user has Write privilege to 001 ...................................................................... (computers (not only IBM PC's) which use UNIX operating system) [Unix and Mainframe Viruses] only need infect applications that the user has Write privilege to 001 [Need OTS Virus package (UNIX)] I want an antiviral package for a Sun 012 [Re: Need OTS Virus package (UNIX)] I want info re UNIX antivirals 013 [Re: Need OTS Virus package (UNIX)] There are UNIX viruses 017 ...................................................................... [Re: RSCS Protection (IBM VM/CMS)] I wrote a REXX to stop some viruses 017 ...................................................................... [TROJAN WARNING: A VM trojan horse (IBM VM/CMS)] GAME2 MODULE is trojan 010 [Worm / Virus on BITnet??? (IBM VM/CMS)] GAME2 MODULE in my readerlist 011 [GAME2 (VM/CMS)] came to Liverpool in UK from TRMETU.BITNET in Turkey 011 [GAME2 MODULE in CERNVM (IBM VM/CMS)] from ERDAL@TRMETU; short descr 011 [Comments on GAME2 (IBM VM/CMS)] on GAME2 COMMENTS at LISTSERV@PCCVM 012 [Update on GAME2 (IBM VM/CMS)] 017 ...................................................................... ====================================================================== Subject: Virus-L index of volume 4 up to issue #014 (miscellaneous) ====================================================================== If the 'Subject:' description has been lengthened hereinunder for clarity, its original part as in Virus-L is in [square brackets]. ...................................................................... SUBJECT ISSUE ...................................................................... antiviral archive sites for various computers all of 003 anyone want a (section saying what to do with ZIP,ZOO,ARC,HQX,SIT,etc files) as an [Addition to monthly postings?] 006 [Re: Addition to monthly postings?] re previous: it would be useful 008 ...................................................................... [Antiviral evaluation guidelines] (long) 002 [Re: Disinfectant vs. Virex (Mac)]always use latest issue of antivirals 013 I want all info re [CARMEL Turbo Anti-Virus Set] 015 ...................................................................... [re: obscure procedure in Yankee Doodle (PC)] Yankee Doodle said to cure Ping Pong; DenZuk/Ohio cures Brain; TPxxVIR cures its old versions 009 ...................................................................... [Re: (1) GAO Report on Computer Security] on file pub/virus-l/docs/gao_rpt on computer cert.sei.cmu.edu (128.237.253.5), anonymous ftp 001 [Computers at Risk book - how to order - (General)] 007 [Re: Computers at Risk book - how to order - (General)] & contents list 009 ...................................................................... [more about the conference in Hamburg] (see Virus-L vol 3 #202) 001 ...................................................................... [Zmodem infected with Violator (PC)] new BBS line on Homebase BBS 001 let there be [Public domain virus information for archives?] 015 ...................................................................... what [Virus Prosecutions] have there been? 004 ...................................................................... why hasn't [UK Computer Crime Unit] got an email address? 001 [Re: UK Computer Crime Unit] has no email address because their superiors don't pay them much because they don't believe there is a problem 006 [Re: UK Computer Crime Unit]someone please tell them re email & Virus-L 008 ...................................................................... weapons makers put [(No) Viruses in Irak's EXOCET?] (missiles) (long) 010 [Re: (No) Viruses in Irak's EXOCET?] long reply to previous message 011 [Re: (No) Viruses in Irak's EXOCET?] there may well be one in it 015 ...................................................................... [Re: University Policy] Every time a user asked for a boot disk, we grabbed any floppies they had and SCAN'ed them. (We have Novell nets) 005 [Virus Guidelines] Wyoming Univ's rules for running antivirals 017 ...................................................................... how to [Prevent hard disk infection? (PC)] when cold booting from infected floppy in drive a: 006 [Re: Prevent hard disk infection? (PC)] not without extra hardware 008 [Re:Prevent hard disk infection? (PC)] longish re how infection occurs 008 [Re: Hard Disk Protection (PC) and (Mac)] (long) re Macs running files 010 [hardware] re #006 message: easy way to disable all writes to hard disk 011 [International Virus Infections (PC)] keep all disks write-protected 013 ...................................................................... [Politically motivated viruses] GrLkDos/Groen Links virus (Jerusalem variant)plays Dutch 'Groen Links' (Green Left) political party's tune 009 ...................................................................... [Processor-specific viruses and other subjects (PC)]; translations reqd 013 [Processor-specific viruses and other subjects (PC)] Hungarian? 015 translation of [Hungarian text in virus (PC)] 017 [Re: Processor-specific viruses and other subjects (PC)] translation 017 ...................................................................... [Little interest for authentication program], so I am dropping the idea 014g ...................................................................... [please stop the requests] I do NOT give out virus code 001 ...................................................................... <"virus": difference from "trojan" etc; terminology; virus names> [Eaters of Language: (WAS: (No) Viruses in Irak's EXOCET?)] difference between virus & worm & trojan & magic cookie 012 ...................................................................... [VIRUS-L administrivia] 002 [Administrivia - Document archive update] on cert.sei.cmu.edu 008 ...................................................................... how do I download the [Macvirus index? (Mac)] 001 ...................................................................... [re: Virus Vaccine (PC)]Internet worm infected only systems using UNIX 005 ...................................................................... I want a PD/Shareware [Disk Utilities (PC)] package, not too expensive 001 [Re: Viruses for the holidays & admin note] What next!?(see vol 3 #205) 001 [Various Comments] 002 [Re: Job Market (PC)] in the computer antivirus trade 002 what is [SITELOCK] by Brightwork Development Inc.? 012 I want info re [security awareness funding] 014 [This is getting insane...] I have received 90 new viruses 015 ...................................................................... xxx ------------------------------ End of VIRUS-L Digest [Volume 4 Issue 21] *****************************************