Return-Path: Received: from csmes.ncsl.nist.gov (MACBETH.NCSL.NIST.GOV) by csrc.ncsl.nist.gov (4.1/NIST) id AA04611; Sat, 1 Aug 92 03:10:46 EDT Posted-Date: Fri, 31 Jul 1992 12:08:45 -0400 Received-Date: Sat, 1 Aug 92 03:10:46 EDT Errors-To: krvw@cert.org Received: from hooch.CC.Lehigh.EDU by csmes.ncsl.nist.gov (4.1/NIST(rbj/dougm)) id AA14425; Sat, 1 Aug 92 03:06:04 EDT Received: from (localhost) by hooch.CC.Lehigh.EDU with SMTP id AA06363 (5.65c/IDA-1.4.4); Fri, 31 Jul 1992 12:08:45 -0400 Date: Fri, 31 Jul 1992 12:08:45 -0400 Message-Id: <9207302004.AA22651@barnabas.cert.org> Comment: Virus Discussion List Originator: virus-l@lehigh.edu Errors-To: krvw@cert.org Reply-To: Sender: virus-l@lehigh.edu Version: 5.5 -- Copyright (c) 1991/92, Anastasios Kotsikonas From: Kenneth R. van Wyk To: Multiple recipients of list Subject: VIRUS-L Digest V5 #134 Status: RO VIRUS-L Digest Thursday, 30 Jul 1992 Volume 5 : Issue 134 Today's Topics: RE: write protect on C: (PC) Re: Virus Creation Laboratory (PC) Re: GIF viewer crashes system (PC) Re: victor charlie (PC) Re: WARNING - Virus Creation Laboratory (PC) Help with Central Point Anitvirus and FPROT (PC) Frodo False Alarm (PC) Re: GIF viewer crashes system (was Re: an amazing problem) (PC) Re: Strange Identification with SCAN91 (PC) Re: Virus Question re printer, floppy problems (PC) re: virus hiding printer (PC) Re: Common misconception (was: Re: VET as good as SCAN) (PC) Re: How do I reverse the effect(s) of Stoned ? (PC) Re: Bugsres-2 (PC) Disinfectant 2.9 problems (Mac) re: Disinfectant 2.9 problems (Mac) Re: Virus BBS List? Re: Virus BBS List? New files on risc.ua.edu (PC) VIRUS-L is a moderated, digested mail forum for discussing computer virus issues; comp.virus is a non-digested Usenet counterpart. Discussions are not limited to any one hardware/software platform - diversity is welcomed. Contributions should be relevant, concise, polite, etc. (The complete set of posting guidelines is available by FTP on cert.sei.cmu.edu or upon request.) Please sign submissions with your real name. Send contributions to VIRUS-L@LEHIGH.EDU. Information on accessing anti-virus, documentation, and back-issue archives is distributed periodically on the list. A FAQ (Frequently Asked Questions) document and all of the back-issues are available by anonymous FTP on cert.org (192.88.209.5). Administrative mail (comments, suggestions, and so forth) should be sent to me at: . Ken van Wyk ---------------------------------------------------------------------- Date: Tue, 28 Jul 92 11:04:51 -0400 >From: smith_s@gc.bitnet (Steven W. Smith) Subject: RE: write protect on C: (PC) >Date: Thu, 23 Jul 92 05:09:01 +0000 >From: glratt@is.rice.edu (Glenn Forbes Larratt) >Subject: GIF viewer crashes system (was Re: an amazing problem...) (PC) > >sbb1@Ra.MsState.Edu (Shay B. Berthelson) writes: >>t7@elan.glassboro.edu (TEMP_7) writes: >> >>>i am in desperate need of help. >> >>>yesterday i downloaded a piece of software called NakedEye -- a p.d. gif >>>viewer -- when i tried to run it, the screen blanked and the system crashed, >>>but when i rebooted i got an error "drive c write protected" -- i am using >>>dos 5.0 and as far as i know (and as far as my manual says) you cannot write >>>protect a drive. although i am also running stacker and 4dos. 4dos does not >>Do you have a virus scan program??? Really sounds to me like you got infected. >>Better get a scan/clean prog. and clean it up. Most stuff can be fixed and >>saved if it hasn't destroyed everything. > >I agree that this sounds like malicious code at work, since t7's >assumption is correct that write-protecting a hard drive is not a part >of standard MS-DOS or (I think) 4DOS or Stacker. This is especially >likely if you down- loaded from a BBS or from an INCOMING directory of >an ftp site. I've experienced the same thing using DR DOS 6.0 with disk compression. It was not virus-related in any way. It's very likely that CHKDSK/F will put everything back in order. I think that it's a nice feature to add the write protect if you subtly munge your disk, but it would be nice to clue the user in about using CHKDSK/F to clean up. Hope you haven't formatted your HD yet or anything :-) _,_/| \o.O; Steven W. Smith, Programmer/Analyst ------------------------------ Date: Tue, 28 Jul 92 13:33:30 -0400 >From: Lynn R Grant Subject: Re: Virus Creation Laboratory (PC) >It is interesting to note that Nowhere Man has the gaul to expressly >forbid any disassembly of his code, or the use of any binary strings >produced by his program for the purposes of scanning for viruses >created by the package. Yah, right, Nowhere Man. Go ahead, sue me. I wonder if he could. I don't believe making a Virus creation laboratory is illegal (correct me if I'm wrong), though using it probably is. In that case, he ought to be able to forbid disassembly of his code the same way IBM does with their licensed code. It might be interesting to watch the court cases where people have tried to hold gun manufacturers liable for murders committed with their products. (To avoid excessive flames and digressions, I won't say which side I'm on in that issue.) What would be really interesting is if he waited until a virus created with his laboratory infected your machine, then sued you for using his licensed code (the code in the virus) on your machine without a license. (Sort of like the kids in my old neighborhood, who would shovel your sidewalks in the winter without being asked, then knock on the door and expect you to give them a bunch of money for doing it.) Lynn Grant ------------------------------ Date: Tue, 28 Jul 92 17:42:33 +0000 >From: sempson@healthy.uwaterloo.ca (Stephen Sempson) Subject: Re: GIF viewer crashes system (PC) >t7@elan.glassboro.edu (TEMP_7) writes: > >>i am in desperate need of help. ... There are a number of possibilities. I found out that 'STACKER' does have some drivers in memory to control reading and writing to the disk. (Obviously, check out the 'Config.sys'). The trick here is that you must edit your config.sys file to stop the '/Swap' option. Rem the whole line out. Also take off the check disk integrity option. Reboot from here. The next step is to use 'scheck' which will flag you if a problem is found to use NDD or 'chkdsk /f' to correct the problems. At this point you must 'Unmount' the stacked disk. Then take off all of the file attributes to this file. It is probably Stackdsk.vol (Dosshell will even do this). Now you must remount the 'Stacked Disk'. >From here you will now have the write access to the Stack Volume Disk. Use 'Chkdsk /f' or 'NDD d: /complete'. Finally set your config.sys to its original setup and reboot. The long and the short... It ends up being a file allocation and lost clusters found scenario, which is compounded by the fact that you need to have 'Stacker' up and running, but limited from it's usual boot-up configuration. Hope this is useful if no virus is found... ---===---===---===---===---===---===---===---===---===---===---===---===---=== =========)_____._____ From: Stephen Sempson \ / / - ====={ University of Waterloo, Canada ===---===---===---===---===---===---===---===---===---===---===---===---===--- ------------------------------ Date: Tue, 28 Jul 92 15:55:09 -0400 >From: "William Walker C60223 x4570" Subject: Re: victor charlie (PC) >From: mebrown@hubcap.clemson.edu (Miriam E Brown) > Has anyone ever used Victor Charlie and have any opinions? Victor Charlie (VC) is the anti-virus package produced by Bangkok Security Associates (BSA) of Thailand. While I have not used it, I understand that it is fairly good. HOWEVER, BSA has been dabbling in some activities that many anti-virus researchers call unethical, and I personally recommend NOT using VC as a form of protest against this behavior (notice: this is my opinion). At the International Virus Prevention Conference (IVPC '92) in Washington, D.C. last month, John DeHaven, director and chief programmer of BSA, made a presentation on "The Virus Factory." Not the Bulgarian virus factory, which was what I expected, but a software package developed by BSA to generate programs which are encrypted and 50% of which drop a slightly modified version of Jerusalem-B. No existing scanner can detect the virus in these files, which was their point. The package was developed as part of an experiment to demonstrate that passive inspection (scanning) is inadequate. If BSA had left it at that, it would have been fine. However, BSA decided to distribute sets of these generated programs. Even though they had set up an elaborate security system for sending the programs to a researcher, the programs should not have been distributed at all. A random 50% of the programs contain a LIVE (not neutralized) Jerusalem-B virus, and none of them are detectable by existing anti-virus software (once dropped, though, the Jerusalem-B virus IS detectable). BSA had set up the elaborate distribution system to control and track distribution of these programs, but during the presentation, Dr. Alan Solomon stated that he had received a set from outside of this "secure" distribution channel. I hope that Dr. Solomon responds to this message and gives more details on the incident as well as his opinion on the matter. I'll agree that these particular programs are not much of a threat. They're supposed to be stamped with the name and address of the intended recipient, and the virus has "a one-byte alteration to eliminate the 'bombs'...," though it can still spread. However, I still feel that it is unethical to distribute live viri in this manner, particularly since they are not detectable in this form. Of course, this is just my opinion. I hope others share their opinions as well. > We are thinking of using it opposed to McAfee's Scan and Clean. Have you considered Frisk's F-PROT, Dr. Solomon's Anti-Virus Toolkit, IBM's VirScan, or Fifth Generation's Untouchable -- or some combination? You really should use more than one anti-virus product, and these aren't bad. Whatever you use, be sure that they are easy to keep up-to-date. The preceding comments reflect my opinions, and not those of my employer or the Air Force. Any errors are also mine, and are likely to be pointed out as such. :-) Bill Walker ( WALKER@AEDC-VAX.AF.MIL ) | OAO Corporation | "... but as we say on Earth, Arnold Engineering Development Center | c'est la vie." M.S. 120 | -- James T. Kirk Arnold Air Force Base, TN 37389-9998 | ------------------------------ Date: 28 Jul 92 21:48:18 +0000 >From: vail@tegra.com (Johnathan Vail) Subject: Re: WARNING - Virus Creation Laboratory (PC) millernw@craft.camp.clarkson.edu (Neal Miller) writes: Oh for crying out loud... Just what we need... A Virus-Construction Kit for beginners... I hope that McAfee gets their hands on this package ASAP, if not sooner. Here's an idea... Could someone conceivably write a virus that will seek out and destroy such a V.C.L. based on unique strings within the program? Just an idea... The short answer is yes. However, I hope this was a sarcastic comment. People have expounded many times on why a benevolent virus is not a good thing. For both technical and moral reasons. jv "Good doesn't live and theres no evil here, only this great power we misunderstand" -- Dinosaur jr. _____ | | Johnathan Vail vail@tegra.com (508) 663-7435 |Tegra| jv@n1dxg.ampr.org N1DXG@448.625-(WorldNet) ----- MEMBER: League for Programming Freedom (league@prep.ai.mit.edu) ------------------------------ Date: Tue, 28 Jul 92 19:08:19 -0400 >From: Steve Clancy Subject: Help with Central Point Anitvirus and FPROT (PC) The following was passed along to me by a user of our local BBS. I would appreciate any suggestions addressing his particular problem. - -- Steve Clancy =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= % Steve Clancy, M.L.S. % Wellspring RBBS % % Biomedical Library % 714-856-7996 300-2400 24hrs % % University of California % 714-856-5087 300-9600 24hrs % % P.O. Box 19556 % slclancy@uci.bitnet % % Irvine, CA 92713 U.S.A. % slclancy@uci.edu % %.....................................................................% % "As long as I'm alive, I figure I'm making a profit" % % - John Leas, 1973. % =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= I have DOS 3.3, a 286 10 MHz with 896K extended memory. I have Norton Utilities 6.0 Antiviral software that I have: Central Point Antivirus (CPAV) and FPROT. Part of CPAV is a program called VSAFE. This checks the programs you try to execute for viruses. There are also options that will have it alert the user if something is trying to become resident in memory, access a disk, format a disk, alter a file, etc. Lately, whenever I have the General Write Protect option on (when this is on, VSAFE will sound an alarm if anything is trying to write to a disk) and then I try running a program, VSAFE commplains that something is trying to write to the current disk. I don't know if it's trying to write to a sector, or if it's using regular file functions. When using FPROT on Heuristics, it complained that Norton Utilities was compressed by OPTILINK, and was skipping it. Those Norton Utilities program that weren't packed were checked. FPROT said that these programs used certain techniques to move around in memory that viruses usually use. I don't know if that's important or not, but I'll mention it just to be safe... When FPROT (on Heuristics scan) scanned WHERE.COM and DDIR.COM, it said that there was a virus that remained resident in them. When I tried running them (before they were scanned with FPROT) with VSAFE on, there was no mention that anything was trying to become resident. (Yes, I did have VSAFE set to alarm me if something DID try to become resident!) Anyway, that's really all there is, except that I have WHERE.COM and DDIR.COM in an archive (.LZH) file. P.S., I just remembered! Central Point Antivirus' scanner (the thing that checks the program files and actually removes viruses) has sometimes been complaining that some program files are SHRINKING. One of them was CSHOW.EXE (a graphics viewer). ------------------------------ Date: Wed, 29 Jul 92 00:00:11 +0000 >From: Jim.Baltaxe@vuw.ac.nz (Jim Baltaxe) Subject: Frodo False Alarm (PC) I just came across an interesting false positive reported by Virusafe v. 4.5, from XTree software running on a Toshiba laptop (386SX) under DOS 5.0 and an access control manager called Ironclad v. 2.0 from Silver Oak Systems. Virusafe reported the Frodo (4096) virus in memory but no infected files. F-Prot 204a did not report anything either in memory or on disk. Attempting to reboot from a known clean system disk failed because the ACM was active. Eventually we got an emergency boot disk for Ironclad which disabled the ACM. Then when we rebooted and rescanned with both Virusafe and F-Prot the system reported clean. EXE & COM files reported the same lengths with & without the "infected" system running. Unfortunately I am not very familiar with Ironclad so I cannot say exactly what it did (presumably packed/encrypted the disk?). Ironclad appears to be based on a hidden device driver which is unlikely to have been effected by the virus. Anybody come across this as well? - -- Jim Baltaxe - jim.baltaxe@vuw.ac.nz Computing Services Centre - Victoria University of Wellington - New Zealand - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Time is such a valuable commodity because they're not making it any more. ------------------------------ Date: Wed, 29 Jul 92 06:44:14 +0000 >From: ttan@cse.unl.edu (Teik Tan) Subject: Re: GIF viewer crashes system (was Re: an amazing problem...) (PC) >>>yesterday i downloaded a piece of software called NakedEye -- a p.d. gif >>>viewer -- when i tried to run it, the screen blanked and the system crashed, >>>but when i rebooted i got an error "drive c write protected" -- i am using >>>dos 5.0 and as far as i know (and as far as my manual says) you cannot write >>>protect a drive. although i am also running stacker and 4dos. 4dos does not >>>have a write protect command. does stacker? how did this happen? i am having >>>a hell of a time running applications now because of this persistant error. >>>any help would be greatly appreciated.... >> >>Do you have a virus scan program??? Really sounds to me like you got infected. >>Better get a scan/clean prog. and clean it up. Most stuff can be fixed and >>saved if it hasn't destroyed everything. I have come across such a problem. At the beginning I thought it must be a virus. But further thought leads me to think that there is no way that a hard disk could be write-protected, unless someone physically rewire the hard disk. Now, here is what I did: 1. Boot from a clean floppy disk (do not run stacker). 2. Change drive to the original hard disk where stacker is located. (ie: change to drive where STACKVOL.DSK is located) 3. Use DOS ATTRIB to clear the read-only attrib of STACKVOL.DSK 4. Cold boot (or reset) your system and try to start the stacker drive. If you follow the procedure above, your system should run properly. If it still doesn't run, then maybe it is a problem other than I have encountered. If it does run, then it is most probably due to the stacker drive problem. Normally, stacker alone gives no problem. But if it is run together with some caching program (like NCACHE, as was in my case), the problem would arise since both NCACHE and STACKER would try to write at the same time, thus "confusing" the computer. I don't know much about 4DOS, but I suspect more or less the same thing happen to your system. Hope this helps. Teik Leong Tan ttan@cse.unl.edu (Normal Disclaimer) ------------------------------ Date: 29 Jul 92 08:11:42 +0000 >From: frisk@complex.is (Fridrik Skulason) Subject: Re: Strange Identification with SCAN91 (PC) g89r4255@hippo.ru.ac.za (Lt Sajid Rahim) writes: >I find it very strange to see that SCAN identifies Saturday the >14th virus as Armagedom. Having disassemble the code for both >viruses, I find no particular relationship between the two. True - there is no relationship whatsoever. There are even some fundamental differences, such as that Armageddon adds its code in front of the files it infects, but Sat. 14th appends the code. However, the viruses may nevertheless have a code piece in common, which makes it possible to reduce the total number of search strings by one. After all, most users may not care which virus they have, only if they have a virus or not - a job which SCAN performs very well. - -frisk ------------------------------ Date: 29 Jul 92 08:13:22 +0000 >From: frisk@complex.is (Fridrik Skulason) Subject: Re: Virus Question re printer, floppy problems (PC) txl@dbs42.elsegundoca.ncr.com writes: >Is there any virus that can cause an IBM-compatible to be blind to the >printer (it thinks that an online printer is offline) and to the >changing of floppies (showing previous floppy contents after replacing >a floppy with another with different contents). Yes. Azusa. - -frisk ------------------------------ Date: Wed, 29 Jul 92 08:25:18 -0700 >From: txl@dbs42.elsegundoca.ncr.com () Subject: re: virus hiding printer (PC) Thanks for the responses to my question a few days ago regarding a virus capable of altering some data bits to hide the printer and the changing of floppies to my computer. Alas, a virus named 'Azusa' was found with the software from McAfe (I'm sorry if I misspell the name here). This virus lived in the partition table of my hard disk and in the boot sector of my floppies. After cleaning the virus, my system is back to normal. Thanks again for your responses. - -Tuan ------------------------------ Date: Wed, 29 Jul 92 16:41:56 +0000 >From: mcafee@netcom.com (McAfee Associates) Subject: Re: Common misconception (was: Re: VET as good as Viruscan? (PC)) mcafee@netcom.com I write: >(during the October, 1990 earthquake, we were "disconnected from the >electronic world" for about 36 hours). Oops, that was October, 1989. My apologies for any confusion. Regards, Aryeh Goretsky McAfee Associates Technical Support - -- - - - - McAfee Associates | Voice (408) 988-3832 | mcafee@netcom.com (business) 3350 Scott Blvd, Bldg 14 | FAX (408) 970-9727 | ObQuote: "Log... from Blammo" Santa Clara, California | | 95054-3107 USA | BBS (408) 988-4004 | CompuServe ID: 76702,1714 ViruScan/CleanUp/VShield | USR Courier DS 14.4Kb| or GO VIRUSFORUM ------------------------------ Date: Wed, 29 Jul 92 13:31:38 -0400 >From: "David M. Chess" Subject: Re: How do I reverse the effect(s) of Stoned ? (PC) > From: lachlan@dmp.csiro.au (Lachlan Cranswick) > ... > Stoned is quite happy to exist on a hard-disk which it slowly corrupts. No. Sorry to be contrary, but this is one of the most common viruses, and misinformation about it is a bad thing. The Stoned virus writes to a hard disk one and only one time: when the machine is booted from an infected floppy diskette. It never makes any alterations to the hard disk after that. No slow corruption, or fast corruption either, for that matter (with one exception; see the next paragraph). On some hard disks (those with the first partition stored immediately after the master boot record, rather than at the start of the next track), the virus will save a copy of the master boot record over part of DOS's data space (generally one of the FATs). (This is a bug in the virus, and apparently not intentional; the space is unused on most hard disks.) This can cause immediate problems if that part of the FAT is in use for files (the files will become cross-linked, invalid, and so on; CHKDSK will report many errors). If that part of the FAT is not in use, problems may occur later, when the disk gets fuller and DOS tries to use the part of the FAT that contains the saved original MBR. The machine may not boot from the hard disk, for instance. Cleaning up from a Stoned infection just involves reconstructing or restoring the code part of the Master Boot Record, using FDISK /MBR to rebuild the code from scratch (carefully! see back issues of VIRUS-L for details), or using any anti-virus program that can find and restore the original MBR. If the old MBR was placed in the FAT, and DOS has altered it (so the machine no longer boots from the hard disk), that won't work, and a rebuild-the-code-from-scratch is called for (unless you have a backup of the MBR lying around). Also if the old MBR was placed in the FAT, and that part of the FAT was in use for files, the files should be restored from backups (although if any are critical and not backed up, lots of slogging with some disk-explorer should be able to find the data eventually). The "hard drive named D:" effect in the original posting doesn't ring any bells with me. What does DOS think about C:? What does "DIR C:" do? I've not heard of the Stoned causing this effect before. Might be a coincidence, or an unusual interaction with something about your hard disk. - - -- - David M. Chess | "Some look at the world as it is, and High Integrity Computing Lab | ask 'why?'. I look at the world as it is, IBM Watson Research | and say 'Hey, neat hack!'." - J. R. H. ------------------------------ Date: Wed, 29 Jul 92 12:44:10 -0400 >From: glauber@ele.puc-rio.br (Glauber Maciel Santos) Subject: Re: Bugsres-2 (PC) Hello, The same thing happened to me when I ran F-Prot. The program I have is called BUGRES and it's not a virus. It's just a program that tries to simulate a virus by drawing some bugs on the screen. That's why F-Prot calls it a joke program. Glauber Santos ------------------------------ Date: 28 Jul 92 16:02:39 +0800 >From: "Fran Holtsberry" Subject: Disinfectant 2.9 problems (Mac) Since we began installing Disinfectant 2.9 on campus machines, we have had a rash of System errors. We have lock-ups, inits not loading, errors when attempting to access Apple Menu selections. . .. Anyone else experiencing this type problem? was there a warning with it that I didn't read? We are sending out a campus warning about Disinfectant 2.9 until I hear from some of you. Fran Holtsberry Fran_holtsberry@macgate.csuchico.edu ------------------------------ Date: Wed, 29 Jul 92 10:11:47 -0500 >From: mha@baka.ithaca.ny.us (Mark Anbinder) Subject: re: Disinfectant 2.9 problems (Mac) Fran Holtsberry says... > Since we began installing Disinfectant 2.9 on campus machines, > we have had a rash of System errors. We have lock-ups, inits > not loading, errors when attempting to access Apple Menu > selections. . .. You haven't specified whether you're referring to the Disinfectant INIT (or "Extension" in System 7 terminology) or just the application. My guess is the INIT, since just having the application on your hard drive shouldn't have this effect. > Anyone else experiencing this type problem? was there a > warning with it that I didn't read? One thing that's important to note, if you haven't used a version of Disinfectant since 2.7, is that System 7 users MUST put the Disinfectant INIT in the Extensions folder within the System Folder. Prior to version 2.7, the reverse was true: the Disinfectant INIT needed to be in the System Folder itself, not the Extensions subfolder. > We are sending out a campus warning about Disinfectant 2.9 > until I hear from some of you. Are these problems campus-wide? Or are they showing up on only a few machines? If you could provide more details, the rest of the group will be better able to offer suggestions. For example, what version of the System software (6.0.5? 7.0.1?) is running on the affected machines? What other INITs are present? Disinfectant is one of the most-compatible pieces of software I've seen in a long time, but conflicts can occur almost anywhere. Maybe we can figure out something that will help John Norstad make his software still more reliable. - -- Mark H. Anbinder mha@baka.ithaca.ny.us BAKA Computers, Inc. QuickMail QM-QM 607-257-2614 200 Pleasant Grove Road Phax 607-257-2657 Ithaca, NY 14850 Phone 607-257-2070 "Some people want to be independent but can't do it alone." -- Frank Romano ------------------------------ Date: Tue, 28 Jul 92 18:03:26 +0000 >From: rslade@sfu.ca (Robert Slade) Subject: Re: Virus BBS List? brianc@eskimo.celestial.com (Brian C) writes: >Could someone please e-mail me a list of virus related bbs? As coincidence would have it, I have just sent out a request on the Fidonet virus related echoes for information from sysops of antiviral BBSes. I do not expect to have most of the info for at least a month. I am not sure how this list will be maintained, but at the present time I suspect I will have to keep it separate from the CONTACTS.LST file. ============= Vancouver ROBERTS@decus.ca | "Kill all: God will know his own." Institute for Robert_Slade@sfu.ca | - originally spoken by Papal Research into rslade@cue.bc.ca | Legate Bishop Arnald-Amalric User p1@CyberStore.ca | of Citeaux, at the siege of Security Canada V7K 2G6 | Beziers, 1209 AD ============= for back issues: Contacts list: cert.org, /pub/virus-l/docs/reviews Reviews: cert.org, /pub/virus-l/docs/reviews/pc Column: cert.org, /pub/virus-l/docs/slade.cvp.articles For those without ftp, see Jim Wright's posting, or use Cyberstore. Also FREQ from 1:153/733 The Cage 604-261-2347. ------------------------------ Date: Tue, 28 Jul 92 22:06:35 -0400 >From: matrix@valinor.mythical.com (JJ Kahrs) Subject: Re: Virus BBS List? brianc@eskimo.celestial.com (Brian C) writes: > Could someone please e-mail me a list of virus related bbs? The problem with finding virus boards is that.... they don't want to be found. Almost ALL are underground.... and they go to great pains not to be found by the general public. -JJ Kahrs - ----- JJ Kahrs Internet: matrix@valinor.mythical.com uucp: uunet!valinor!matrix - ----- ------------------------------ Date: Wed, 29 Jul 92 11:33:40 -0400 >From: James Ford Subject: New files on risc.ua.edu (PC) The following files have been placed on risc.ua.edu in the directory /pub/ibm-antivirus for anonymous FTP: tbscan40.zip - Thunderbyte Scan v4.0 mteavr22.zip - Signature file for use with tbs* programs i-m123.zip - Integrity Master v1.23a i-msetup.bat - Batch file to set up Integrity Master - ---------- The number of a person's relatives is directly proportional to his fame. - ---------- James Ford - Consultant II, Seebeck Computer Center The University of Alabama (in Tuscaloosa, Alabama) jford@ua1vm.ua.edu, jford@seebeck.ua.edu Work (205)348-3968 fax (205)348-3993 ------------------------------ End of VIRUS-L Digest [Volume 5 Issue 134] ****************************************** Downloaded From P-80 International Information Systems 304-744-2253