VIRUS-L Digest             Thursday, 1 Jun 1989        Volume 2 : Issue 124

Today's Topics:

VIRUS ALERT: nVirB infection at teesside poly, uk
Administrative tidbit
Your assistance please...
Re: nVirB infection at teesside poly, uk (Mac)
Latest FluShot+ version
IBMPC Antivirals

---------------------------------------------------------------------------

Date:    Wed, 31 May 89 17:31:55 BST
Sender:  Virus Alert List
From:    LBA002@PRIME-A.TEES-POLY.AC.UK
Subject: VIRUS ALERT: nVirB infection at teesside poly, uk

The Apple Macintosh networks at Teesside Polytechnic Main Site Library &
Flatts Lane Business School Library have been infected with the nVirB
virus. Earliest infection date seems to be end of April. Machines
infected include 128/512k, Mac+, Mac SE, Mac II. Effects: icons
disappear from desktop, problems printing. Have used Disinfectant to
scan for nVir resources and to remove nVir resources, Immunity to
insert "fake" nVir=10 resources to prevent further infection.

Rgds,
Iain Noble

------------------------------

Date:    Thu, 1 Jun 89 10:34:04 EDT
From:    luken@ubu.cc.lehigh.edu (Kenneth R. van Wyk)
Subject: Administrative tidbit

Now that I'm back from the islands mon, I have an announcement to make
mon (that's island talk, mon :-).

On June 16, 1989, I'll be leaving Lehigh University and going to
Carnegie Mellon University, where I've accepted a position in their
Software Engineering Institute as Technical Coordinator on the
Computer Emergency Response Team.

One way or another, I plan to continue moderating VIRUS-L/comp.virus.
Things might be a bit shaky during the interim, but VIRUS-L will
survive. So, please bear with me.

Regards,
Ken van Wyk

------------------------------

Date:    Wed, 31 May 89 17:19 EDT
From:    Bill the Cat Lives!!
Subject: Your assistance please...

VIRUS-PLEA 1/4

Hello, my name is Bill Hadley. I would like to ask a favor of the
readers of VIRUS-L. I am doing research (which will hopefully become a
book) on computer viruses and computer security.
What I would like you to do is to write me a letter if you have ever
had an experience with a virus or trojan horse program. What I would
ask that you include in your letter is:

     Name of the Virus or Trojan Horse.
     What computer and operating system does this virus/trojan horse
          exist on.
     What did the virus/trojan horse do.
     How did you deal with it.
     Where did this happen (i.e. George Mason University in Fairfax,
          Virginia...or company name..whatever..).
     What is your name (if you don't mind if I put it in a section of
          names in the back of my book).

If you would please answer these questions and send them directly to
me, WLHADLEY@GMUVAX.GMU.EDU (not VIRUS-L), I would greatly appreciate
it. This will assist me in trying to track what viruses have spread
and how. If you have had problems with more than one of these evil
programs, then answer these questions for each virus/trojan in your
letter (even the Internet Worm which struck last November).

If more than one person writes me from one node with the same
information, that is okay...it will help me in the verification of
virus reports. Please only answer this message once. I will try to
post it once a month for the next three or four months to try to catch
new readers.

I realize that I will receive a lot of mail; I have already tried to
make room for that. I thank you in advance for your assistance. I will
post to the list anything I find of urgent importance to the readers
of VIRUS-L. Again, thank you for your time.

Bill Hadley
WLHADLEY@GMUVAX.GMU.EDU
WLHADLEY@GMUVAX2.GMU.EDU

------------------------------

Date:    Wed, 31 May 89 17:52:17 EDT
From:    Joe McMahon
Subject: Re: nVirB infection at teesside poly, uk (Mac)

>The Apple Macintosh networks at Teesside Polytechnic Main Site Library &
>Flatts Lane Business School Library have been infected ...
> ... Have used Disinfectant to scan for nVir resources and to
>remove nVir resources, Immunity to insert "fake" nVir=10 resources to
>prevent further infection...
If your users will really use it and not turn it off, try to convince
them that they should be running Vaccine. If you can, try to set up a
"cleanup station" as recommended by the Disinfectant doc. Other than
that, sounds like you've got it well under control. I only make these
suggestions in case someone shows up with Scores, which Immunity WON'T
block.

 --- Joe M.

------------------------------

Date:    Thu Jun 1 10:18:53 1989
From:    utoday!greenber@uunet.uu.net
Subject: Latest FluShot+ version

Ken:

You advised Andy Wing to use FSP1.52. Newest version is FSP1.6. Got
some extra goodies in it, some more informative stuff, and the doc has
been updated a tad.

Ross

[Ed. I stand corrected. Thanks for the update, Ross!]

------------------------------

Date:    Thu, 01 Jun 89 10:19:12 EDT
From:    Arthur Gutowski
Subject: IBMPC Antivirals

Hello, netland.

Some time ago, I sent out a request to all of you to send me info
regarding IBMPC antiviral programs that are available (for our
"extermination" team here at WSU). I'd like to thank all of you who
have sent me correspondences and files, especially Matt Mathai, Jim
Wright and Yuval Tal. Jim has taken on the volumnious (SP?) task of
coordinating a cross-network antiviral archive. He has been a
tremendous help to our efforts.

Now that I've amassed a collection of antivirals, I'd like to pose
another question to you folks...that is

>What are your opinions on these products, and which would you
 recommend using?<

These programs will be distributed (if they are PD or Shareware, that
is) to the university public as well as the staff here. Here's what I
have:

ALERT13U ARC    Alert! v1.3
BOMBSQAD ARC    Bombsqad v1.0
CAWARE   ARC    CAware v?.? (for executable C programs)
CHKSUM   ARC    Checksum v?.?
CHKUP32  ARC    Checkup v3.2
CHK4BOMB ARC    Check for Bomb v1.0
CONDOM   ARC    Condom v?.?
DEBRAIN  ARC    Debrain v1.4
DELOUSE1 ARC    Delouse v1.0
DETECT2  ARC    Detect v2.?
DPROT102 ARC    Dprotect v1.02
FILE-CRC ARC    File-CRC v?.?
FSP$152  ARC    Flushot+ v1.52
SENTRY02 ARC    Sentry v2.?
SYSCHK1  ARC    Syscheck v1.0
TRAPDISK ARC    Trapdisk v1.0
UNVIR    ARC    A comprehensive package of extermination/prevention/
                resident-memory-check programs
VACCINE  ARC    Vaccine
VACCINEA ARC    Vaccinea (is there a difference between this and the
                above?)
VCHECK   ARC    Vcheck v1.1

Of the above, Debrain seems a must for (c)Brain removal. On first
glance, and what I've made of previous discussions, Flushot+, Sentry,
and Alert! seem to be the frontrunners in CRCs and segment-checking
programs. These appear to supersede (or even outdate) most of the
other CRC, file-attribute, or file-segment checking programs such as
Condom or Vaccine. Of the resident disk protection mechanisms,
Trapdisk and Dprotect seem to be the more up-to-date programs.

Let me have some relatively unbiased evaluations of what these
programs can do and how effective and easy to implement they are, etc.
(I ask for unbiased because I know the authors of most of these
programs subscribe to this list ;^) I'm interested in hearing any
comments about the Unvir package as well, since I've never heard of or
seen it before. Please respond directly to my Bitnet address below.

One last poser and I'll bow out of this somewhat long posting. I also
have available a FIX EXEC written in CMS REXX to cure some UUencoded
file transfer problems I've been having when getting files from across
gateways. It was written in order to re-translate some of the
characters that some mailers translate when the mail goes through. It
picks on about five or six specific hex codes that cause these
problems. It was written by a data comm fellow over here by the name
of Brian Holmes. But, before you ask me for it directly...Ken, how
about posting this one at your Lehigh archive site (or any of the
antivirals I've compiled here for that matter)?? Drop me a reply and
let me know what you think.

[Ed. Send me the EXEC (for now), and I'll get it posted. Thanks!]

Thank you for your help and patience.
Art

+------------------------------------------------------------------+
| Arthur Gutowski                                                  |
| Tech Support                                                     |
| WSU Computing Services Center                                    |
| AGUTOWS@WAYNEST1.BITNET                                          |
| "Let's do it to them before they do it to us!"                   |
+------------------------------------------------------------------+

------------------------------

End of VIRUS-L Digest
*********************