home *** CD-ROM | disk | FTP | other *** search
-
- Files in this archive:
-
- DATACRM.DOC - This file.
-
- Version 0.1:
- NOCRM1.EXE (7822 bytes)- An antidote for the DATACRIME 1280 and 1168 viruses.
- NOCRM2.EXE (7842 bytes)- An antidote for the DATACRIME II virus.
-
- Version 1.1:
- NOCRM1.EXE (7838 bytes)- An antidote for the DATACRIME 1280 and 1168 viruses.
- NOCRM2.EXE (7890 bytes)- An antidote for the DATACRIME II virus.
-
- Updates: NOCRM1 Ver. 1.1 has been modified to discriminate files with a 'D'
- as the 7th character of the filenames. NOCRM2 Ver. 1.1 has been modified
- to discriminate COM files with a 'B' as the 2nd character of the filenames.
-
-
- WARNING -- NOCRM1 and NOCRM2 do not work together. If running both programs
- on the same files, the LAST program run (either NOCRM1 or NOCRM2)
- will take effect.
-
- Instruction:
-
- Place either of the programs on the preferred drive, type
-
- NOCRM2 (or NOCRM1).
-
- (My choice is NOCRM2, because it will protect your EXE files from
- DATACRIME II, and the 1280 and 1168 do not infect EXE files, and
- therefore your EXE files are safe from all three versions)
-
- The program will then search through the whole default drive
- (where you place the program), find the DATACRIME target files
- (including READ ONLY and HIDDEN files), and change their
- attributes so that they are immune from the said virus.
-
- One word of caution: if you are running any program that uses any
- of the checksum methods, you might want to rerun these programs for
- taking checksums again after running NOCRM2 or NOCRM1.
-
- If you have been hit by any of these viruses: These programs will
- come in handy in protecting your systems from being hit by the same
- virus again (which is very likely).
-
- About DATACRIME viruses:
-
- Recently, in investigating the 1280, 1168, and DATACRIME II
- viruses, I found some interesting differences between the first
- two versions and DATACRIME II. As a result, I have developed an
- antidote for both 1280 and 1168 (NOCRM1), and one for the
- DATACRIME II (NOCRM2). For developing antidotes, the most
- significant difference between these viruses is that the
- DATACRIME II virus generates a mutually exclusive signature set.
- Because of the said difference, the antidote for the 1280 and
- 1168 becomes a de-antidote for the DATACRIME II, and vice versa.
- Thus if a file is infected with either 1280 or 1168, it
- is still vulnerable to DATACRIME II, and vice versa
- (This situation does not exist between 1280 and 1168, however.)
-
- Another interesting fact is that the DATACRIME II
- purposely avoids infecting files with a "b" as the second
- character in the name (such as IBMBIO.COM and IBMDOS.COM), and
- the other two avoid infecting files with a "d" as the seventh
- character in the name (such as COMMAND.COM). Aside from that,
- the DATACRIME II virus can also infect EXE files, but the other
- two only infect COM files. The 1280 increases target COM files
- by 1280 bytes, the 1168 increases target COM files by
- 1168 bytes, and the DATACRIME II virus increases target COM files
- by 1514 bytes, and EXE files by usually 1814 bytes.
-
- Besides all these differences, DATACRIME II has the
- mechanism set within the virus to alter itself. This mechanism
- seems to do nothing but fool people who try to single step
- through it.
-
- About the antidotes:
-
- NOCRM1 and NOCRM2 are two quickly-put-together programs. Although
- these programs can immunize all your programs, they do not have
- many error checking mechanisms. In case of any problem, feel
- free to contact me on the network. These are just side products
- of my research and are free of charge. As long as this package
- is free, anyone can distribute it, but this note must be
- distributed along with the programs.
-
- Sincerely,
- Christina H. Fu
- Author of NOCRIME
- Aug. 29, 1989 (Ver 0.1)
- Sep. 8, 1989 (Ver 1.1)
-
