VIRUS-L Digest             Friday, 21 Jul 1989         Volume 2 : Issue 157

Today's Topics:

Correction to VIRUSCAN test (PC)
what kind of virus is this? (PC)
Re: Virus Bulletin the blurb
WARNING: PKZIP V1.0 Beta (PC)
Urban (urbane?) legends...

---------------------------------------------------------------------------

Date:    Fri, 21 Jul 89 08:51:39 -0700
From:    huangcm@iris.ucdavis.edu (Christina M. Huang)
Subject: Correction to VIRUSCAN test (PC)

The version that I tested on yesterday was 0.3v29 instead of 0.3v27. I apologize. 29 identifies Ping Pong correctly while 27 doesn't. I will submit a follow-up report if more discrepancies are found between 27 and 29.

--CH

------------------------------

Date:    21 Jul 89 07:41:20 +0000
From:    hans@let.vu.nl (Hans Varkevisser)
Subject: what kind of virus is this? (PC)

We have a virus on our PC, it is not a new one I think, but what to do?

The virus infects all disks, 5 1/4 and 3 1/2 and the harddisk. We can find the infected disks by using chkdsk. chkdsk gives 1024 bytes bad sectors on an infected disk. When we use that disk in another computer then we also have 1024 bytes bad sectors on that harddisk.

When we use format on an infected computer, there seems to be nothing wrong, formatting goes well, but when we use chkdsk it gives 1024 bytes bad sectors.

So far I know that format, copy, diskcopy can't be used anymore and xcopy doesn't work anymore.

I now low level format the harddisk and put the original files on it and we format all the floppy disks with bad sectors. But when someone uses a disk with bad sectors we have the virus back again.

We also can see the virus when we are using backup or pcbackup etc. then there is a little ball bouncing over the screen. It also happens sometimes when we are using copy, diskcopy or another copy command.

I don't know the program that infected our system, but we have a lot of work to deal with it. Is there an easier way to deal with the virus, except low-level format?

Hans

--
Organisation: Free University, Faculty of Literature
              Amsterdam, the Netherlands
Name:         Hans Varkevisser (system administrator)
              hans@let.vu.nl or let.vu.nl!hans UUCP

------------------------------

Date:    21 Jul 89 14:17:11 +0000
From:    Nick Rothwell
Subject: Re: Virus Bulletin the blurb

In article <0005.w8906292218.AA13144@ge.sei.cmu.edu>, davidf@CS (David.J.Ferbrache) writes:
>For those of you who expressed interest in the Virus Bulletin,
>here are the details:
>
>Published by Virus Bulletin Ltd, Haddenham, Aylesbury HP 17 8JD,
>             England.
>             Tel +44 844 290396
>             Fax +44 844 291409
>
>There is also a US contact address via Mrs June Jordan, +1 203 431 8720.
>
>The bulletin is published monthly at a cost of 195 pounds (350 dollars)
                                                ^^^^^^^^^^
>for 12 editions.

Eeeek! What on earth could cause it to be that expensive? Is each edition the size of a telephone book, or something?

>Dave Ferbrache Internet

Nick.
--
Nick Rothwell, Laboratory for Foundations of Computer Science, Edinburgh.
               nick@lfcs.ed.ac.uk    !mcvax!ukc!lfcs!nick
~~ ~~ ~~ ~~ ~~ ~~ ~~ ~~ ~~ ~~ ~~ ~~ ~~ ~~ ~~ ~~ ~~ ~~ ~~ ~~ ~~ ~~ ~~ ~~ ~~
         Fais que ton reve soit plus long que la nuit.

------------------------------

Date:    Fri, 21 Jul 89 13:06:27 -0500
From:    James Ford
Subject: WARNING: PKZIP V1.0 Beta (PC)

Found this on a BBS.......

James

P.S. Anyone know of a FORTRAN to C conversion program? Please respond to me and *NOT* to this list. Thx

======================== beginning of text =============================

WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING!
--------------------------------------------------------------------

There is a file being circulated on many BBS's called PKZ100B.ZIP or similar, and contains PKZIP/PKUNZIP 1.0 Beta. This is not an official release of version 1.0 from PKWARE. The Beta software is not, and never was, intended for general distribution. When the programs are run they will display:

    PKZIP (tm) FAST! Create/Update Utility Version 1.0B 06-30-89
    Copyright 1989 PKWARE Inc. All Rights Reserved. DO NOT DISTRIBUTE!

    PKUNZIP (tm) FAST! Extract Utility Version 1.0B 06-30-89
    Copyright 1989 PKWARE Inc. All Rights Reserved. DO NOT DISTRIBUTE!

clearly indicating that they are not for general distribution.

* Moreover, the files being circulated have been altered from the
* genuine Beta programs. While the nature of the alterations has
* not been determined yet, I would be extremely leery of running
* these files.

If you see these files on any BBS or on-line system, please ask the SysOp of that system to remove the files IMMEDIATELY.

If you have any information leading to the individual(s) responsible for the alterations and uploading of the altered files, please report it to PKWARE immediately, either:

    by Voice at 414-352-3670
    by BBS   at 414-352-7176
    by FAX   at 414-352-3815
    or by mail:

    PKWARE Inc.
    7545 N. Port Washington Rd.
    Glendale, WI 53217

Phil Katz
President, PKWARE Inc.

-----------------------------------------------------------

On a personal note, this intentional and willful act by the individual(s) that are responsible, people who asked to be Beta testers for the software and thereby asked PKWARE to trust them, is very disappointing. The Beta documentation explicitly asked that the software NOT be uploaded to any BBS or on-line system.

These actions will only hurt and confuse the user community, and do not help anyone. Unfortunately, it also means that future releases of PKWARE programs will take longer due to additional security measures that will have to be taken with Beta software, in order to protect the user community against these types of vandalism, and prevent them from happening again.

>Phil>

-----------------------------------------------------------

------------------------------

Date:    Fri, 21 Jul 89 15:45:00 -0400
From:    dmg@retina.mitre.org (David Gursky)
Subject: Urban (urbane?) legends...

One of the managers here just plunked one of these "rumor" columns in front of me. According to this one, there exists a Mac virus that infects Microsoft applications, that interferes with non-Microsoft applications.

Just to be on the safe side, does anyone know of concrete proof that such a virus (yes, I know the description above is a rather broad one) exists?

David Gursky
Member of the Technical Staff, W-143
Special Projects Department
The MITRE Corporation

------------------------------

End of VIRUS-L Digest
*********************