From Fidoii.CC.Lehigh.EDU!lehigh.edu!virus-l Tue Aug 31 02:43:36 1993 remote from vhc Received: by vhc.se (1.65/waf) via UUCP; Tue, 31 Aug 93 18:01:17 1 for mikael Received: from fidoii.CC.Lehigh.EDU by mail.swip.net (5.65c8-/1.2) id AA25642; Tue, 31 Aug 1993 13:01:17 +0200 Received: from Fidoii.CC.Lehigh.EDU ([127.0.0.1]) by Fidoii.CC.Lehigh.EDU with SMTP id <4144-2>; Tue, 31 Aug 1993 06:43:38 EDT Message-Id: <9308311044.AA16260@agarne.ims.disa.mil> Reply-To: virus-l@lehigh.edu Originator: virus-l@lehigh.edu Sender: virus-l@lehigh.edu Precedence: bulk From: VIRUS-L Moderator To: Multiple recipients of list Subject: VIRUS-L Digest V6 #116 X-Listprocessor-Version: 6.0a -- ListProcessor by Anastasios Kotsikonas X-Comment: Virus Discussion List Date: Tue, 31 Aug 1993 06:43:36 EDT VIRUS-L Digest Tuesday, 31 Aug 1993 Volume 6 : Issue 116 Today's Topics: Re: origin of term virus Re: A new virus information source Request for Assistance just wondering... os/2... (PC) (OS/2) Re: E-Rillutanza virus? (PC) Re: E-Rillutanza virus? (PC) New virus (?) (PC) MBR infection recovery software (PC) Automated Virus Writing Programs (PC) Re: Anti-virus software usable on LAN's (PC) DIR-2 and STONED in Israel (PC) New virus (off-road) (PC). Form virus (PC) Re: Information on the 'Trident' Virus (PC) Bizarre F-Prot corruption (PC) scan read only network drive ? (PC) McAfee scan with /ext option (PC) Stamford virus (PC) Write protect ... (HELP!) (PC) Datacrime (PC) FORM Virus Unremovable ? (PC) TBAV 6.04 vs Mcafee's antivirus (PC) Integrity Master V2 arrives! (PC) VIRUS-L is a moderated, digested mail forum for discussing computer virus issues; comp.virus is a gatewayed and non-digested USENET counterpart. Discussions are not limited to any one hardware/software platform - diversity is welcomed. Contributions should be relevant, concise, polite, etc. (The complete set of posting guidelines is available by FTP on CERT.org or upon request.) Please sign submissions with your real name; anonymous postings will not be accepted. Information on accessing anti-virus, documentation, and back-issue archives is distributed periodically on the list. A FAQ (Frequently Asked Questions) document and all of the back-issues are available by anonymous FTP on CERT.org (192.88.209.5). Administrative mail (e.g., comments, suggestions, beer recipes) should be sent to me at: krvw@ASSIST.IMS.DISA.MIL. All submissions should be sent to: VIRUS-L@Lehigh.edu. Ken van Wyk ---------------------------------------------------------------------- Date: Sun, 22 Aug 93 01:21:03 -0400 From: hagbard@gagme.chi.il.us (Brian W. Dunn) Subject: Re: origin of term virus David Strip wrote: >don't know if it's the first ref, but "virus" in a remarkably prescient use >appears in the SF novel "When Harley was One" by David Gerrold (whose fame >lies in his authorship of the Star Trek episode "The Trouble with Tribbles". Also appears in John Brunner's _Shockwave Rider_ along with worms etc. hagbard - -- Who is John Galt? This is my public key for PGP. Hagbard Celine - -----BEGIN PGP MESSAGE----- Version: 2.2 iQCVAgUAK5lN0vTKAIGN5yLZAQEu5AP6AqFqHBzphx8EWmSDKuYLkdRlaEpDpWxd N/lxpa5aqBfy/Zv8LX9bxoHAyKLPG05LA3st6MKJrbUTs+AsmF9riR/gE5qwDymN EwdV3iReBCgxYemdHZki8nnS3mr1OkqlzxcC4XW2/Q5ptvCZ6RA8vvDZ0krw4Qd6 2L+RiS1Qvl0= =/Z3A - -----END PGP MESSAGE----- ------------------------------ Date: Tue, 24 Aug 93 12:58:07 -0000 From: leveret@warren.demon.co.uk (Nick Leverton) Subject: Re: A new virus information source A.APPLEYARD@fs1.mt.umist.ac.uk writes: > > IPE Corporation Ltd (9-10 Alfred Place, London WC1E 7EB, England, >tel. (UK) 071 436 2244) have started to publish a periodical called >"Secure Times" about computer viruses and antivirals. The first >edition (numbered "vol 1, Sept 1993") arrived today as a free >distribution; it is of four A4 sides including an article about Tremor >virus. I received a copy. It is heavily laced with promotion for McAfee's software, for whom they are the UK agents. Nick Leverton ------------------------------ Date: Tue, 24 Aug 93 09:16:09 -0700 From: aryeh@mcafee.com (McAfee Associates) Subject: Request for Assistance REQUEST FOR ASSISTANCE: Internationalization of McAfee Associates' Software Screen Messages: One of the most innovative and well-received features in our software has been the ability for it to display messages in languages other than English. McAfee Associates has prided itself in providing all of our users around the world with a way to run VIRUSCAN in their own language. Language files translated and updated by McAfee Authorized Agents in their respective markets can be obtained by downloading from our Licensee BBS or contacting those Agents (contact information is provided in the AGENTS.TXT file included in all of our .ZIP files). Languages currently provided by Authorized Agents include: Danish, Finnish, Swedish, Norwegian, German (both Swiss and German dialects), Italian, and Portuguese languages. Language files translated by McAfee Associates or other interested parties are available for download from HOMEBASE BBS, CompuServe (GO MCAFEE), Internet: mcafee.com, and America On-Line. Languages currently supported by files available for general download include: French, Spanish, and Bulgarian. If you have experience in translating technical (computer) documentation between English and other languages, and have an interest in translating the screen messages into a language not already supported, we would appreciate hearing from you. A typical message file is approximately 300 lines long, and once updated may need slight changes (10-20 lines) every other month. We can't offer any compensation for this, other than free registration for your personal use of McAfee shareware products. You will, however, have our--and our users'--gratitude. If you are interested in translating or updating message files for us, please send e-mail to to either Aryeh Goretsky (AOL: mcafee INTERNET: aryeh@mcafee.com, COMPUSERVE: 76702,1714) or Igor Grebert (INTERNET: sunset@mcafee.com). Thank you. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - McAfee Associates, Inc. | Voice (408) 988-3832 | INTERNET: aryeh@mcafee.COM 2710 Walsh Ave, 2nd Floor| FAX (408) 970-9727 | IP# 192.187.128.1 Santa Clara, California | BBS (408) 988-4004 | CompuServe ID: 76702,1714 95051- USA | USR HST Courier DS | America Online: McAfee ------------------------------ Date: Wed, 25 Aug 93 20:25:23 -0400 From: IZZYOY9@mvs.oac.ucla.edu Subject: just wondering... os/2... (PC) (OS/2) Mose of these pc viruses are MSDOS based, right? What percentage do you think would be able to infect a system using OS/2 and the HPFS instead of FAT? Are there any OS/2 specific virii? ------------------------------ Date: Fri, 20 Aug 93 21:52:42 -0400 From: sci00019@leonis.nus.sg (CHENG MUN WAI) Subject: Re: E-Rillutanza virus? (PC) William H. Lambdin (73044.2573@compuserve.com) wrote: : Date: Wed, 11 Aug 93 04:44:02 -0400 : From: sci00019@leonis.nus.sg (CHENG MUN WAI) : >What I want to know is that have anyone had a similar report using F-Prot : >which scan106 missed. I've also used F-Prot to scan my hardisk and indeed had several COM files that were suspicious of being infected with the E-Rilluttanza virus. I've send those files to Mcafee. I hope they can help. To my own problem I deleted those suspected files and copied uninfected files over it. This virus could be a Trojan virus but I don't think any virus could be benign. Mun Wai. ------------------------------ Date: Fri, 20 Aug 93 21:59:28 -0400 From: sci00019@leonis.nus.sg (CHENG MUN WAI) Subject: Re: E-Rillutanza virus? (PC) William H. Lambdin (73044.2573@compuserve.com) wrote: : Date: Wed, 11 Aug 93 04:44:02 -0400 : From: sci00019@leonis.nus.sg (CHENG MUN WAI) : >What I want to know is that have anyone had a similar report using F-Prot : >which scan106 missed. : If you will read tthe August LAT, you will see that Scan missed several : viruses in my collection. Overheard, What is this LAT that I see mentioned. I've also had F-Prot report the E-Rillutanza virus. Thanks. Mun Wai. ------------------------------ Date: Sat, 21 Aug 93 00:36:44 -0400 From: uttsbbs!jonathan.salmon@uunet.uu.net (Jonathan Salmon) Subject: New virus (?) (PC) All- I'm new to this conference, so I don't know a whole lot about virus prevention. My question is, what is a "scanstring"? Is this something the McAfee program uses? - ---- +------------------------------------------------------------------------+ | The Transfer Station BBS (510) 837-4610 & 837-5591 (V.32bis both lines)| | Danville, California, USA. 1.5 GIG Files & FREE public Internet Access | +------------------------------------------------------------------------+ ------------------------------ Date: Sun, 22 Aug 93 07:58:57 -0400 From: dh441@cleveland.freenet.edu (Tony L Drake) Subject: MBR infection recovery software (PC) Within the last month or so of reading Comp.Virus, I have noticed a certain pattern in the posts. After having read and responded to a number of posts regarding infections in the boot sector, partition record, or master boot record of a hard disk, I have come to the conclusion that the majority of people do not know how to make the neccessary recovery disks before an infection, nor do they know how to properly recover once infected. There is a file available(unfortunately it is not yet on internet, it will be soon I hope) which explains in detail What backups to make, How to make them, why to make them, and how to use them to recover from an infection of the MBR, boot sector, or partition table. The file is called DRFINFO.ZIP and is available for download from Action Link Systems in Bradenton, FL. 813-747-9295 v32/42bis 14.4Kb 813-747-9670 HST 14.4Kb Included are the utilities needed to backup the MBR and CMOS, as well as vital information on how to use these utilities in case of an infection. This is FREEWARE. All you have to do is download it. The file only takes a few minutes to download, and the information it will provide you will more than pay for the time spent online. Feel free to contact me with any questions draket@freenet.scri.fsu.edu ------------------------------ Date: Sun, 22 Aug 93 15:26:11 -0400 From: sgt@lakes.trenton.sc.us (Sgt rock) Subject: Automated Virus Writing Programs (PC) I've heard alot lately about programs that actually write or create viruses. I think Virus Creation Laboratory is the name of one. Does anyone out there know anything about these programs? How many are there and where do they come from. I read one article where a anti-virus researcher wrote one of these programs to create viruses which he could the scan with various virus scanning programs. I would seem to me that most anyone who could get hold of these program could then become a virus programer. Sounds dangerous to me. Anyway I just want to know more about them. ------------------------------ Date: Mon, 23 Aug 93 00:23:37 -0400 From: s926191@yallara.cs.rmit.OZ.AU (Donald Edward Gingrich) Subject: Re: Anti-virus software usable on LAN's (PC) frisk@complex.is (Fridrik Skulason) writes: >marc_b@ingres.com (Marc Burckin) writes: >>A friend who is w/o net access has asked me to pose this question. >> "What types of software and/or methods to people use to keep >> their LAN's free of viruses? Is there a way to run the virus >> software from the server and thereby check all of the connected >> PC's?" >It is easy to run anti-virus software on the server if you have a Novell >sever, and several Anti-Virus NLMs exist (from Cheyenne, McAfee, Sophos and >several other companies, including our own US distributor). >Nowever, if you are using another network, this may be impossible, but you >did not include that information.. I am the administrator of a LAN Server network. I have set it up so that directories containing executables are read/execute permission for ordinary users. I may be living in a fools paradise, but I believe (hope :-)) that this protects the executables. In addition the NOS provides an optional file for each user called PROFILE.BAT which is executed at login. I have set this up with the use of the "at" command so that each user has several critical files SCANed daily and all files on the local hard drive weekly. Note that I would rate our virus exposure to be low to moderate (more low). Hope these thoughts may help. Comments regarding efficacy of the above method greatly appreciated. *************************************************************************** * Don Gingrich * Gingrich's Law * * Network Administrator * Software expands to fill the space * * State Electricity Commission * available to it -- plus 10% * * Melbourne Australia * I'm an optimist, alright? :-) * * s926191@yallara.cs.rmit.OZ.AU * #include * *************************************************************************** ------------------------------ Date: Mon, 23 Aug 93 04:21:11 -0400 From: hjstein@sunrise.huji.ac.il (Harvey J. Stein) Subject: DIR-2 and STONED in Israel (PC) This is in response to a response to my original message warning people about an infected computer game that was being given away by the Co-op Supermarket of Israel as a promotion for Scott Tissue toilet paper. The computer game (ZOOM) was infected by DIR-2 and STONED. I would have followed the quote-and-reply protocol, but my modem dropped the connection last time I tried, and now the reponse is no longer on comp.virus. The respondent in question said that he had personally scanned the master game disks as well as samples of the distributed disks, and had found no copies of the virus. He then went on to publicly chastise me for infecting the disk and blaming the Co-op and Scott Tissue. The facts are: -My machine was (as it always is) clean. -I scanned another machine and then scanned the disk again on this machine. The machine was clean and the disk wasn't. -If my machine gave the viruses to the game disk, then the viruses would have been found on my machine. They weren't. -I didn't blame anyone. I said that I picked up a disk from the Co-op Supermarket, that the disk was infected, that probably all their disks were infected and that people shouldn't use the disk. The only statement I implied that was incorrect was that all their disks were infected. -According to a national Israeli newspaper "dozens of people were affected" by the DIR-2 and STONED viruses found on these disks. Since I didn't talk to this paper, "dozens" doesn't include me. What can we conclude from this? Well, it's unlikely that dozens of people all had the DIR-2 and STONED viruses on their systems (and no other virus), and didn't notice this until they scanned this game disk. Evidentially, a small number of disks were contaminated, and not due to an infected master disk. Perhaps some people took the game home, infected it, and returned it, and the Co-op distributed the infected returns. Perhaps some stock-boys played with the game on infected back-room PCs, and then stuck the disks back out for distribution. Perhaps there was an infected duplication machine which was used for a small run of disks and later cleaned before the respondent (who's name escapes me) checked it. Perhaps the respondent should REFRAIN FROM YELLING at people before carefully reading their posts and checking details with them. - -- Harvey Stein Department of Mathematics Hebrew University hjstein@math.huji.ac.il ------------------------------ Date: Thu, 19 Aug 93 14:32:00 +0200 From: Amir_Netiv@f120.n9721.z9.virnet.bad.se (Amir Netiv) Subject: New virus (off-road) (PC). Hello everyone, A new virus was submitted to us just yesterday and following are its characteristis: - - COM infector. - - Effective length 894 bytes. - - Encrypted - simple XOR - single layer encryption. - - Virus hooks Int-08h (timer). - - After decryption the following pieces of text may be seen in the virus code: "AMEF0\OFF-ROAD" "*.com *.*" "????????COM" - - The virus is targetting COM files, infecting an entire directory at once. - - Its activation date is every 3ed month of the year (March), in which it formats floppies enterd at that day. - - Also the virus checks for mondays (???). IT was named "OFF-ROAD" due to the text fond inside. The reason i decided to publish this, is that it seems this virus was NOT originated in Israel and one should expect it to apear in other places of the world soon. No Anti virus detects or cleans it, (Except of-course generic detectors and cleaners such as our own V-CARE, by which is was detected and isolated). If anyone have more information on this virus, please e-mail me ASAP. keep well * Amir Netiv. V-CARE Anti-Virus, head team * - --- * Origin: <<< NSE Software >>> Israel (9:9721/120) ------------------------------ Date: Sun, 22 Aug 93 15:19:01 -0400 From: lapse@sizone.jaywon.pci.on.ca (memory lapse) Subject: Form virus (PC) > > Does anybody has any idea as to how to get rid of the beast (and still have > thedata on the disk)? Yeah, if the virus is not in memory you can copy the data onto your disk, format the infected disk then recopy the files back onto it. Memory Lapse - lapse@sizone.jaywon.pci.on.ca ------------------------------ Date: Mon, 23 Aug 93 06:48:18 -0400 From: wouter@stack.urc.tue.nl (Wouter Slegers) Subject: Re: Information on the 'Trident' Virus (PC) BUI, TIEN HY (tien_bu@pavo.concordia.ca) wrote: : neuro@santafe.edu (Terrance Johnson) writes... : >Brenda Parsons (parson@coulomb.pcc.oz.au) wrote: : >: We've recently had an attack of the 'Trident' virus, and seemed to : >: have gotten rid of it, but no one was able to supply us with information : >: as to what it would do when activated. : > : >The Trident virus I believe is not actually a virus, it is the Trident : >Polymorphic Engine, akin to the Mutation Engine, which encrypts a virus : >differently every time a new file is infected. Since any number of virii : >may use the Engine, it is impossible to say what the virus would have done : >upon activation. That is correct. The McAfee-scanner does pick up TPE as 'TridenT', atleast the v105 did. : Well, if that virus was really using the TPE, do you really think : that it would contain the string TRIDENT? I don't think so. What : I think it is, is just a virus created by the group TRIDENT. (maybe : one of their older creations) : Maybe I'll look into it to find out how many viruses the group : actually made and released. They made about 10-20 virusses, in about 6 strains. The best known are Crunshor, Coffyshop... They are dutch BTW... Greets Wouter - -- Wouter Slegers, 2nd year CS at TUE (nl), wouter@stack.urc.tue.nl. Disclaimer: If the above sounds plausible, reread it several times! Religion and sex are powerplays*manipulate the people for the money they pay Selling skin, selling god* the numbers are the same on their creditcards! GCS V1.1: d* -p+ c++++ l+ m* s++/- !g w+ t+ r+ u++ e* !n h-- f?||+ y? ------------------------------ Date: Mon, 23 Aug 93 10:42:51 -0400 From: Scott Gregory Subject: Bizarre F-Prot corruption (PC) I've got no idea what this could be - perhaps a freak accident. In any case, I had F-Prot 2.08 on my PC which I use for scanning for viruses. Yesterday I went to make a scan and the virus definition file had been corrupted. F-Prot gave a syntax error in the SIGN.DEF file. Looking over my disk with NAV showed a possible "unidentified" virus in f-prot.exe (my NAV is VERY old) and no other suspicious activity on the disk. Is there some fprot targeting virus, or is this a freak coincidence that this file went bad? A surface scan of my HD showed no bad sectors or areas. Finally, where can I get the newest copy of fprot? Thanks much, Scott wg2b@andrew.cmu.edu ------------------------------ Date: Mon, 23 Aug 93 20:18:24 -0400 From: Craig Williamson Subject: scan read only network drive ? (PC) I am using McAfee scan ver 106 with the following parameters: /a /adn /bell /chkhi /m /date /report and am trying to scan a read only network drive and am having a problem. scan is trying to write a file called scanval.val to the root directory of this network drive. I do not want any files in the root directory of this network drive. I am only trying to scan this drive. Is there anyway to allow this file to be created elsewhere or not used at all? Why is it needed? and why in the root directory of the disk? I would like to keep these disks read only for the purpose of my scan. Craig "Behind every dark cloud, - -Craig Williamson there's usually rain." Craig.Williamson@ColumbiaSC.NCR.COM - Mike Nesmith, The Monkees craig@toontown.ColumbiaSC.NCR.COM (home) ------------------------------ Date: Tue, 24 Aug 93 10:09:17 -0400 From: Craig Williamson Subject: McAfee scan with /ext option (PC) How do I use the /ext option to add scan signatures and include the other signatures so I don't have to do 2 scans. This is extremely important when scanning network drives which take too long anyway so I don't want to do them twice. Craig "No regrets, - -Craig Williamson no apologies." Craig.Williamson@ColumbiaSC.NCR.COM - Ronald Reagan craig@toontown.ColumbiaSC.NCR.COM (home) ------------------------------ Date: Tue, 24 Aug 93 16:57:55 +0000 From: srhitch@surya.uwaterloo.ca (Steve Hitchman) Subject: Stamford virus (PC) Can anyone supply tech info on the Stamford virus. I'm interested mostly in how it propagates. This is what I do know: Turns good floppies into "General Disk Failure" after short time of use. Only detectable with "scan /m c:" and is reported as being resident in RAM [Stam] but is not found on the hard drive itself. I could not get rid of it with dos format or dos fdisk. Low level hard disk format (as you would expect) cleaned up the problem. Any Comments? Steve Hitchman University of Waterloo Dept. of Mech. Eng. srhitch@ranger.uwaterloo.ca ------------------------------ Date: Wed, 25 Aug 93 12:27:01 -0400 From: berces@ludens.elte.hu Subject: Write protect ... (HELP!) (PC) Hi, Can anybody help me? The problem is the following: My computer (IBM386+110Mb harddisk[C+D part.]+MS-DOS 5.0+Stacker 2.0 version) displays at each disk operation on C that: "Write protect error writing drive C Abort, Retry, Fail?" (McAffee 106 virus-scanner can not find any viruses!) Is this a virus or any hardware problem? Thanks in advance! - -George ------------------------------ Date: Thu, 26 Aug 93 03:25:07 +0000 From: jbunting@gucis.cit.gu.edu.au (James Bunting) Subject: Datacrime (PC) I was wondering if anyone has information on the datacrime virus. My friends computer has got a case of it that does not show up with scan or the microsoft virus checker but is detected by an xtree (or something like that checker) I have probably got the same virus but I can seem to detect it >From what I have heard it will format my hard drive on the 10 th of September. So, if anyone has suggestion they would be most appreciated. Jim Bunting (jbunting@gucis.cit.gu.edu.au ------------------------------ Date: Thu, 26 Aug 93 09:30:51 -0400 From: padgett@tccslr.dnet.mmc.com (A. Padgett Peterson) Subject: FORM Virus Unremovable ? (PC) ( replying poster name deleted) Luc Henderieckx (Luc.Henderieckx@f902.n292.z2.fidonet.org) wrote: >: JC> Does anybody has any idea as to how to get rid of the beast (and still >: JC> have the data on the disk)? >Clean cannot remove it because the form has actually damaged the boot >sector so much that it cannot be restored to it's original status. If >your HD is clean just boot up from the HD then after boot up put in >the floppy, copy the files to you HD, Format the Floppy and copy the >files back. BULL ! Another virus myth that started with the MusicBug. True, the BPB (boot parameter block) in the FORM may be damaged (never really looked), BUT the FORM DBR contains the pointer to the Real DBR that FORM stashed out on the disk. All that is needed is to a) boot from clean floppy b) grab the apparent DBR (actually the FORM Virus) c) extract the CX and DX values for retrieving the Real DBR (think in doubleword at 4Dh but no guarentees from memory - obvious from code 8*) d) grab the Real DBR and copy back over the FORM DBR (Could be fully automatic if you KNOW that it is the Mk 1(A) FORM but a DBR is obvious, could even "walk the disk" & find it or just take the P-table values and create a brand new one - not that difficult, just tedious). Of course this does nothing for any corrupted sectors (three ?) but does defang the FORM and the disk is again safely bootable. As previously mentioned this was exactly the same as the early problem with the MusicBug but change 1 byte and the difficulty in booting clean went away. (Just an aside - actually MusicBug & Form recovery is nothing more than a boot floppy & debug - it doesn't matter that DOS cannot find the partition.) Warmly, Padgett ps am a bit disappointed, data recovery has not progressed beyond 1990 except in a few cases. Where have all of the profits the A-V vendors have made gone ? Apparently not into R & D 8*(. Is it just that the public does not know what is possible ? ------------------------------ Date: Thu, 26 Aug 93 11:18:27 -0400 From: as789@cleveland.freenet.edu (Francisco J. Diaz) Subject: TBAV 6.04 vs Mcafee's antivirus (PC) Can anyone comment on the performance of the 2 programs mentioned above? Which one offers more security, features, less false alarms..etc.. - -- | Francisco J. Diaz Rivera | Freenet: as789@cleveland.freenet.edu | | University of Puerto Rico | Internet: 841901723@cutb.upr.clu.edu | | Hey Waitress! There's a pubic hair in my soup! | | "Don't give up, don't ever give up" - Jim Valvano | ------------------------------ Date: Thu, 26 Aug 93 02:20:05 -0400 From: Wolfgang Stiller <72571.3352@compuserve.com> Subject: Integrity Master V2 arrives! (PC) Stiller Research announces release of Integrity Master(tm) version 2.01a Version 2.01a was released August 14th. Integrity Master provides complete, easy to use, data integrity for your PC plus virus protection. It can also be used to provide file change management and security on your PC. As well as scanning for known viruses, it detects unknown viruses and unlike other products will detect files which have been damaged but not infected by a virus. INTEGRITY MASTER PROTECTS YOU AGAINST ALL THREATS TO YOUR DATA AND PROGRAMS NOT JUST VIRUSES! IM is ASP shareware. New with version 2: 1) IM will now check your CMOS memory for any changes that could affect the integrity of your PC. IM can also reload your CMOS if needed. IM checks and reloads all possible CMOS not just 64 bytes supported by most CMOS programs. When your base CMOS changes, IM will display details on what was changed (e.g., floppy or hard drive setup). The "/CC" option initiates CMOS checking from the command line. "/CC" may be used with other "/Cx" type options. 2) IM now provides extensive control over when it will update your integrity data for changed files. If you suspect file problems, IM can now check your files without updating the integrity data or IM will ask what to do individually when certain files change. IM will of course continue to not update, when a known virus or a disk error causes a change to a file. 3) SetupIM has been enhanced to provide more specific guidance if you make potentially unwise option choices (such as recording off-line integrity data to a hard-disk rather than a floppy). 4) Sysops take note! IM will now tolerate a superfluous "*.*", "*.EXE *.COM", or even something like "D:\VIRUS\UPLOAD\*.*" as the first parameter on the command line or as part of the /Pyyyyy change directory command line option. This provides compatibility with some BBS upload processors that insist on including this on the command line. 5) IM now has an option to scan the current and all lower directories from the current subdirectory for known viruses. The new command line switch for this is "/VL". 6) IM identifies 200 new viruses by name and characteristic. Where do I find it? ------------------- Integrity Master should be available from any SDN or ASP affiliated BBS. Most larger cities have at least one such BBS the current file name is I-M201.ZIP (or .ARJ, .LZH, .PAK etc.). Plus, we upload the latest versions of Integrity Master directly to these boards: o First time callers can download and get support for Integrity Master from Wingit! (1-904-386-8693) V32.bis and USR HST o Sentry Net BBS (1-703-815-3244) o Free downloads of Integrity Master and support are also available via the Runway BBS. You must join Conference 77. Runway BBS: 215-623-6203 2400 215-623-9462 v.32 215-623-4897 HST o VFR Systems (Sara Gordon) BBS 1-219-273-2431 o Solitude (Fido 1:300/23) (1-602-747-5236) you can FREQ or download using the magic names: IMASTER or IM. o In the UK, Integrity Master is supported by The Farm BBS UK. 9 nodes Dual Standard HST. 7.2gb 0223 208094/208472/208363/208525/208598/208287. [Moderator's note: A copy of Integrity Master has been sent to the VIRUS-L/comp.virus PC archive sites.] You can also call Shareable Software International at 1-800-622-2793 or 1-708-397-1221 or fax at 1-708-397-0381. How do I make sure it's a valid version? ---------------------------------------- If you get a copy of Integrity Master from other than one of the above sources, you can make sure it's a legitimate copy of checking the PKzip CRC values: Here are the CRC values for the important files displayed by PKzip (either 2.04 or older versions) for version 1.51b: Length Method Size Ratio Date Time CRC-32 Attr Name ------ ------ ----- ----- ---- ---- -------- ---- ---- 2183 Implode 2151 2% 08-14-93 02:01 3da7f740 --w- GENVIR.EXE 127109 Stored 127109 0% 08-14-93 02:01 bee9e09b --w- IM.EXE 4582 Implode 2581 44% 08-14-93 02:01 3b074f35 --w- IMCHECK.EXE 3454 Implode 869 75% 08-14-93 02:01 a9db7921 --w- IMPRINT.BAT 1118 Implode 1011 10% 08-14-93 02:01 515b8205 --w- IMVIEW.COM 60528 Stored 60528 0% 08-14-93 02:01 e2a6ee39 --w- SETUPIM.EXE ------ ------ --- ------- 553568 323987 42% 24 Regards, Wolfgang Stiller Research, 2625 Ridgeway St. Tallahassee, FL 32310, U.S.A. ------------------------------ End of VIRUS-L Digest [Volume 6 Issue 116] ******************************************