VIRUS-L Digest   Thursday, 29 Jun 1989    Volume 2 : Issue 145
 
Today's Topics:
Amiga anti-viral programs
Re: Mac Archives - correction
on the recent BYTE virus article
Antique Systems (Mac)
Virus Bulletin the blurb
 
[Ed. This is the first digest being sent out from here at CMU, where
I'm using a different mail system (MH) than we used at Lehigh (RMAIL).
I hope that things will work ok, but please bear with us if we have
any problems.]
 
------------------------------------------------------------
 
Date:    29 Jun 89 19:27:50 +0000
From:    jwright@atanasoff.cs.iastate.edu (Jim Wright)
Subject: Amiga anti-viral programs
 
 
< I'm in the process of creating a catalog of the archives for  >
< the Amiga, the IBMPC and for the various documents.  It will  >
< be typeset in LaTeX.  Do people prefer postscript files or    >
< .dvi files?  Anyway, this is a brief intro for the Amiga.     >
 
This is a short description of the files I have collected so far
for the virus-l/comp.virus anti-viral archives.  Please note that
in the listing of "viruses known", I'm only copying what is in the
documentation for the program.  It is very likely that many of
these will detect more than just the listed viruses.
 
Also, I may have opinions on these programs, but I'm not giving
them here.  I give no guarantees for any of these --- I just
want to make it available.
 
Jim Wright
28 Jun 89
jwright@atanasoff.cs.iastate.edu
 
 -----
AntiBiot.arc
 
Checks every disk inserted into df0: and "alerts you if there is
something alerting".  Apparently written in response to SCA virus.
 
v1.0 (?)
6 Oct 87
R. Paasivirta
Finland
 
 -----
NoVirus.zoo
 
Recognizes SCA, DASA (Byte Warrior), Byte Bandit, Northstar,
Microsystems, Revenge1.2, LSD, AEK, HCS and VKill1.0 viruses.
Will remove viruses from memory and disk.  Has feature to save
bootblocks.
 
v1.56
19 Jan 89
Nic Wilson
Australia
 
 -----
SafeBoot.zoo
 
Allows you to capture and save boot blocks.  These can later
be restored in case of disaster.
 
v2.2
3 Oct 88
Mark Lanoux
USA
 
 -----
VCheck.zoo
 
Check for the SCA and AEK virus on disk and in memory.
 
v1.2
9 Dec 87
Bill Koester
USA
 
 -----
ViewBoot11.zoo
 
This program allows you to view the boot block of your disks, and
will detect the SCA, LSD, Byte Bandit and AEK viruses on disk or
in memory.
 
v1.01
2 Mar 88
Brian Meadows
USA
 
 -----
Virus_Alert!.zoo
 
This program installs a custom boot block that talks back to you.
If this boot block acts strangely on bootup, you can suspect a
virus.
 
v2.01 & v1.01
11 Aug 88
Foster Hall
Canada
 
 -----
VirusCheck.zoo
 
This archive includes two programs to detect the SCA virus, plus
a couple of documents describing the virus.
 
VCheck v1.0
13 Nov 87
Bill Koester
USA
 
VirusTest v1.1
19 Oct 87
Craig Bowen
USA
 
 -----
VirusChecker.zoo
 
This is an update to the VCheck program.  Version 1.9 will only
check disks.  Use version 1.2 to check memory.
 
VCheck v1.2
VCheck v1.9
7 Jan 88
Bill Koester
USA
 
 -----
VirusX-3.20.zoo
 
This program will check all disks inserted into any drive, and will
detect viruses in RAM.  The viruses checked for include SCA,
Byte Bandit, North Star, Byte Warrior, Revenge, Obelisk, IRQ,
Pentagon Circle, HCS, DiskDoc, Graffiti, 16 Bit Crew, Phantasmumble,
Old Northstar, Ultrafox and Lamer Exterminator.  Includes source
code for skeptics.  Also includes the program kv to detect the
IRQ virus in files on a disk.
 
VirusX v3.2
kv v1.0
18 Feb 89
Steve Tibbet
Canada
 
 -----
VMK.zoo
 
This program is meant to go into the Startup-Sequence.  It examines
memory for signs of viruses, and if found informs you before
proceeding.  Detects the Microsystems, DiskDok, Lamer Exterminator,
Byte Bandit, Byte Warrior (DASA), SCA, HCS4220, NorthStar, Obelisk,
Pentagon, Revenge and IRQ viruses.
 
v12.0
15 Apr 89
Chris Hames
Australia
 
 -----
VRTest.zoo
 
This program will monitor memory around 0x7E7FE, and inform you
if anything changes.  It also allows you to view boot blocks, install
standard boot blocks, and inspect certain operating system vectors.
 
VRtest v3.2
4 Sep 88
Babar Khan
USA
 
- --
Jim Wright
jwright@atanasoff.cs.iastate.edu
 
 
------------------------------
 
Date:    Thu, 29 Jun 89 08:46:31 -0500
From:    jwright@atanasoff.cs.iastate.edu (Jim Wright)
Subject: Re: Mac Archives - correction
 
In article <0005.8906291152.AA13476@spot.CC.Lehigh.EDU> you write:
| <wsmr-simtel20.army.mil
| <       Access is through anonymous ftp, IP number 26.0.0.74.
|
| I believe the IP number should be 26.2.0.74.
|
| Allen Gordon
 
Thanks for spotting this.  I'll verify it and correct my listings.
If only nameservers really worked, I wouldn't even have to list
IP numbers!  :-)
 
- --
Jim Wright
jwright@atanasoff.cs.iastate.edu
 
------------------------------
 
Date:    Thu, 29 Jun 00 19:89:00 +0000
From:    utoday!greenber@uunet.uu.net
Subject: on the recent BYTE virus article
 
On the BYTE article with my byline on it.  Let's just say that the
BYTE staff are very creative in their editting and their copyed
procedures.  Although I was shown a proof of an earlier revision of
what they did, they opted to run an article I never saw.  Portions of
that article I did *not* write.  In particular, the tail of the
article (the "The Sky Is Falling!" silly stuff) came out of some
editor's keyboard, not mine.  They softened the technical side of the
article beyond belief ("An Interrupt Vector? Why would an interrupt
care about direction and magnitude? We'll change that to something
else.....Hey! Does anybody know anything about computers?").
 
Sigh.
 
Well, my complaints went up to the editor, Fred Langa, and I can but
hope that future writers for them would be pleased at the resulting
article with their name attached to it.  I specifically am displeased
at the mush article they had the nerve to print with my name atached
to it.
 
The Real Moral: Writer's articles get screwed around, even at what
used to be considered a fine publication.  Argggh!
 
Ross
 
------------------------------
 
Date:    Thu, 29 Jun 89 09:25:42 -0400
From:    Joe McMahon <XRJDM@SCFVM.GSFC.NASA.GOV>
Subject: Antique Systems (Mac)
 
>Thanks for the above. I tried it and although all the copying and
>pasting via ResEdit worked OK, no joy when I booted up with the new
>system. The Vaccine icon didn't appear and re-infection occurred when
>I used an infected disk on the machine. I have an application called
>"Immunity" which is supposed to protect the System file from re-
>infection by inserting nVir=10 code into the resource fork of the
>system file. It doesn't seem to insert it into other files that could
>be infected eg. Finder, MacWrite, MacPaint etc. Could I use
>ResEdit to copy the nVir=10 code and paste it into the other files/
>applications? Rgds, Iain Noble
 
You could, but it wouldn't help you any. What nVIR 10 does is act as a
switch to the nVIR virus to tell it not to propagate. It doesn't really
do anything else, and it won't help against any other virus. nVIR only
looks at the System folder to see if nVIR 10 is there; it doesn't look
at other files.
 
I'll check into some things I have, and post back if I find anything that
will work with the old System. Could you please drop me a note and let me
know exactly what version you're running? Thanks.
 
 --- Joe M.
 
P.S. If I come up with anything, I'll be sure to post it on our LISTSERV
and will send it to sumex, too.
 
 
------------------------------
 
Date:    Thu, 29 Jun 89 16:09:57 -0000
From:    David.J.Ferbrache <davidf@CS.HW.AC.UK>
Subject: Virus Bulletin the blurb
 
For those of you who expressed interest in the Virus Bulletin,
here are the details:
 
Published by Virus Bulletin Ltd, Haddenham, Aylesbury HP 17 8JD,
             England.
             Tel +44 844 290396
             Fax +44 844 291409
 
There is also a US contact address via Mrs June Jordan, +1 203 431 8720.
 
The bulletin is published monthly at a cost of 195 pounds (350 dollars)
for 12 editions. The first edition is due out on Monday 3rd July.
 
Virus bulletin describes its contents as:
Case studies, IBM PC/XT/AT virus listing and patterns for each known virus,
Mac virus listing and patterns for known viruses, Virus dissection in
detail of one virus each month, product evaluations, conference reports,
forthcoming events and world news.
 
Contributors are Joe Hirst (technical editor from British Computer
virus research centre), David Ferbrache (ahem?), Dr Bertil Fortie,
David Frost (no the one from Price Waterhouse), Hans Gliss, Ross
Greenberg, Dr Jan Hruska, Dr Keith Jackson, Martin Smociuk, John
Sherwood, Roger Usher and Dr Ken Wong. Most of the contributors are
involved in UK computer security concerns.
 
The bulletin also claims a 24 hour virus helpline service and a virus
analysis service.
 
 ------------------------------------------------------------------------------
Dave Ferbrache                            Internet   <davidf@cs.hw.ac.uk>
Dept of computer science                  Janet      <davidf@uk.ac.hw.cs>
Heriot-Watt University                    UUCP       ..!mcvax!hwcs!davidf
79 Grassmarket                            Telephone  +44 31-225-6465 ext 553
Edinburgh, United Kingdom                 Facsimile  +44 31-220-4277
EH1 2HJ                                   BIX/CIX    dferbrache
 ------------------------------------------------------------------------------
 
 
------------------------------
 
End of VIRUS-L Digest
*********************
Downloaded From P-80 International Information Systems 304-744-2253