VIRUS-L Digest   Wednesday, 20 Sep 1989    Volume 2 : Issue 197

VIRUS-L is a moderated, digested mail forum for discussing computer
virus issues; comp.virus is a non-digested Usenet counterpart.
Discussions are not limited to any one hardware/software platform -
diversity is welcomed.  Contributions should be relevant, concise,
polite, etc., and sent to VIRUS-L@IBM1.CC.LEHIGH.EDU (that's
LEHIIBM1.BITNET for BITNET folks).  Information on accessing
anti-virus, document, and back-issue archives is distributed
periodically on the list.  Administrative mail (comments, suggestions,
and so forth) should be sent to me at: krvw@SEI.CMU.EDU.
 - Ken van Wyk

Today's Topics:

Re: More on October 13 virus (PC)
VirusDetective Info (Mac)
Description of known virus actions
Re: Macintosh Virus
Re: Macintosh Virus
Centel Corp. and ViruScan

---------------------------------------------------------------------------

Date:    Tue, 19 Sep 00 19:89:48 +0000
From:    davidsen@crdos1.crd.ge.com
Subject: Re: More on October 13 virus (PC)

If you have a program to backup just the FAT it may be effective with
this virus. Not that I would neglect backing up the whole disk... but if
you have a FAT cache program you might save a lot of time just restoring
that.

bill davidsen   (davidsen@crdos1.crd.GE.COM -or- uunet!crdgw1!crdos1!davidsen)
"The world is filled with fools. They blindly follow their so-called
'reason' in the face of the church and common sense. Any fool can see
that the world is flat!" - anon


------------------------------

Date:    Tue, 19 Sep 89 16:16:49 -0500
From:    ST1083%SIUCVMB.BITNET@IBM1.CC.Lehigh.Edu
Subject: VirusDetective Info (Mac)

I have used VirusDetective for almost a year. The program originally
detected the nVIRb strain here at SIU-C. I have and use the most
recent update of the program and it works excellent. To me it has been
reliable for detecting all known viruses. For more information or to
own your own copy contact:

Jeff Shulman
P.O. Box 521
Ridgefield, CT. 06877-0521


------------------------------

Date:    Tue, 19 Sep 89 18:38:00 -0600
From:    LMCOUNTS%UALR.BITNET@VMA.CC.CMU.EDU
Subject: Description of known virus actions

Has there been a list published here or elsewhere that lists the known
PC and MAC virus and how they might possibly be noticed by the everyday
user?

Neta Counts
University of Arkansas at Little Rock

------------------------------

Date:    19 Sep 89 23:07:04 +0000
From:    consp11@bingvaxu.cc.binghamton.edu
Subject: Re: Macintosh Virus


In article <0001.8909191859.AA09184@ge.sei.cmu.edu> JOHN P. BRADLEY writes:
>...
>     Well it was bound to happen - why should we be any different?  We
>believe we have discovered a virus in our microcomputer lab.  So far, we
>have only found one contaminated diskette.  This is a MAC station disk
>used for booting a MAC to work with Appleshare.  We ran VIRUS Rx and it
>confirmed a user's suspicion.  The report from VIRUS Rx detected the
>presence of the SCORES virus (or so it seemed to indicate).
>...

I suggest you get your hands on a copy of the PD program Disinfectant.
(I believe it's up to version 1.2, but 1.0 should work fine.)  It will
scan the disk, find, and eradicate the virus.

- --Brett Kessler


------------------------------

Date:    20 Sep 89 03:32:15 +0000
From:    mmccann@hubcap.clemson.edu (Mike McCann)
Subject: Re: Macintosh Virus

In article <0001.8909191859.AA09184@ge.sei.cmu.edu>, JOHN P. BRADLEY writes:
>      Well it was bound to happen - why should we be any different?  We
> believe we have discovered a virus in our microcomputer lab.  So far, we
> have only found one contaminated diskette.  This is a MAC station disk
> used for booting a MAC to work with Appleshare.  We ran VIRUS Rx and it
> confirmed a user's suspicion.  The report from VIRUS Rx detected the
> presence of the SCORES virus (or so it seemed to indicate).
>      Has anyone else had a similar experience and could offer any ideas
> on how to proceed?  At present, we are beginning to check all station disks
> and offering to check any user's disks for a virus.  Next step, is
> education of the users, hoping that this won't get out of hand.

Our Macintosh labs were hit rather hard by the Scores virus quite some
time ago and the steps we took to get rid of the virus seemed to work
rather well:

1)  Remove the virus from all infected hard drives and boot diskettes
    with a good anti-virus program like Disinfectant (I only wish it was
    available then).

2)  Place a memory resident anti-virus program (like Vaccine or
    GateKeeper) on all hard drives and boot diskettes.

3)  Examine every diskette a student brings into the lab to use on the
    computers.  It only takes a few seconds to scan a floppy disk and
    the user is usually happy to know that all of his/her disks are
    virus free.

4)  Continue to scan all hard drives and boot diskettes for viruses on
    a regular basis for a while (not all students think it is important
    that you check all of their diskettes).

5)  Distibute copies of anti-virus program to the users.  Most ShareWare
    anti-virus programs are free and perform better than any commercial
    anti-virus programs that I have tested (my personal preferences are
    toward Disinfectant and Vaccine).

This should help keep your labs virus free.

Hope this helps,
- --
Mike McCann       (803) 656-3714   Internet = mmccann@hubcap.clemson.edu
Poole Computer Center (Box P-21)       UUCP = gatech!hubcap!mmccann
Clemson University                   Bitnet = mmccann@clemson.bitnet
Clemson, S.C. 29634-2803         DISCLAIMER = I speak only for myself.

------------------------------

Date:    Tue, 19 Sep 89 19:18:02 -0700
From:    portal!cup.portal.com!Alan_J_Roberts@Sun.COM
Subject: Centel Corp. and ViruScan

John McAfee posted this message on HomeBase and asked that it be sent
to VIRUS-L and other lists:

    A number of press releases issued by Centel Corp. of McLean VA
have implied or directly stated that they were "selling" a diskette
containing the VIRUSCAN program to combat the alleged DataCrime
threat.  In response I would like to state that there has been no
agreement between Centel and myself to allow such distribution, nor
have I at any time indicated to Centel that I was interested in such
an arrangement.  Any such distribution is taking place without my
consent and authorization, and I am strongly opposed to having
VIRUSCAN promoted in the fashion being conducted by Centel.  I have no
financial link to Centel and receive no part of of any incomes sent to
Centel to "purchase" the software.  Nuff said.

John McAfee

------------------------------

End of VIRUS-L Digest
*********************
Downloaded From P-80 International Information Systems 304-744-2253