Text File | 1994-09-17 | 118KB | 3,715 lines
Msg#: 7068 *Anti Virus Q&A*
07-11-94 06:18:14
From: RONALD RUPRECHT
To: SYSOP (Rcvd)
Subj: LENART VIRUS
Version 116 of McAfee does not seem to recognize the Lenart virus. I do not
know anything about this virus, only that CPAV sees it, but cannot clean it.
Please help, we have several infected PC's
Thanks, Ronald Ruprecht
Msg#: 7089 *Anti Virus Q&A*
07-11-94 10:25:45
From: ARYEH GORETSKY
To: RONALD RUPRECHT (Rcvd)
Subj: REPLY TO MSG# 7068 (LENART VIRUS)
Can you send us an infected disk for analysis? Thank you.
Aryeh Goretsky
Tech Support
Msg#: 7072 *Anti Virus Q&A*
07-11-94 09:49:43
From: ARYEH GORETSKY
To: BRENT PATHAKIS (Rcvd)
Subj: REGISTRATION
Hello Mr. Pathakis,
Version 11X is our old series of antivirus software. It detects slightly more
viruses than V2.X, but is slower and uses more memory.
You can register the software via the REGISTER text file that comes inside each
.ZIP file.
Aryeh Goretsky
Tech Support
Msg#: 7076 *Anti Virus Q&A*
07-11-94 09:51:26
From: ARYEH GORETSKY
To: DAVID RUSS
Subj: SITE LICENSE
I will forward a copy of your message to our sales department.
Aryeh Goretsky
Tech Support
Msg#: 7084 *Anti Virus Q&A*
07-11-94 10:11:30
From: ARYEH GORETSKY
To: LOEL LARZELERE (Rcvd)
Subj: STILL FALSE POSITIVE.
Please let me know how things go.
Aryeh Goretsky
Tech Support
Msg#: 7291 *Anti Virus Q&A*
07-13-94 02:19:00
From: LOEL LARZELERE
To: ARYEH GORETSKY (Rcvd)
Subj: REPLY TO MSG# 7084 (STILL FALSE POSITIVE.)
AG>Please let me know how things go.
Ended up calling in (voice). SCAN V 116 shows no virii,
SCAN 2.02 and 2.10 both show "traces of AI virus".
Msg#: 7364 *Anti Virus Q&A*
07-19-94 09:36:39
From: ARYEH GORETSKY
To: LOEL LARZELERE (Rcvd)
Subj: REPLY TO MSG# 7291 (STILL FALSE POSITIVE.)
Okay. Thanks for letting me know. We should get this fixed shortly.
Aryeh Goretsky
Tech Support
Msg#: 7118 *Anti Virus Q&A*
07-11-94 20:43:17
From: RICH CMIEL
To: SYSOP
Subj: REGISTATION
Hi!
I've been testing SCAN v2.02b, and I plan on going online next week with my
bbs. I plan on d/l v2.1, but was wondering: since my bbs will allow users to
freely download files without having to subscribe (but if they do they get more
on-time, etc...), does this fall under the category of not needing to register
it?? I was a bit confused on that. I'm using SCAN with TranScan - I don't
know if that makes a difference or not. Please let me know. Thanks! Rich.
Msg#: 7136 *Anti Virus Q&A*
07-12-94 11:21:14
From: MICHAEL ALBERS
To: RICH CMIEL (Rcvd)
Subj: REPLY TO MSG# 7118 (REGISTATION)
Dear Rich,
Not really. The software is still shareware; in order for them to register it
legally, they would need to fill out the REGISTER.DOC file and mail it out.
They could also contact our customer service; however, there is still a
registration fee required for the products.
Regards,
Michael Albers
Tech Support
Msg#: 7162 *Anti Virus Q&A*
07-12-94 19:11:39
From: ARYEH GORETSKY
To: RICH CMIEL
Subj: REPLY TO MSG# 7118 (REGISTATION)
Hello Mr. Cmiel,
You do not need to register the software for use on your BBS as long as your
users do not have to pay you for downloading it, e.g., you give them access to
this freely. I think you'll find that this works out pretty good since it
greatly reduces the chance of them accidentally uploading a virus to your BBS.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 9796 *Anti Virus Q&A*
09-13-94 15:14:54
From: CHUCK SEIFRIED
To: ARYEH GORETSKY
Subj: REPLY TO MSG# 7162 (REGISTATION)
> You do not need to register the software for use on your BBS as long
> as your users do not have to pay you for downloading it, e.g., you
> give them access to this freely. I think you'll find that this
> works out pretty good since it greatly reduces the chance of them
> accidentally uploading a virus to your BBS.
I did not know this. I have made whatever version of SCAN I was using on The
REACH available for download FREE (I don't even charge credits) to the general
public since the beginning.
However, I suppose you would NOT object to me registering it anyway (as soon
as I can afford it). I believe in supporting good software.
Chuck
Msg#: 7152 *Anti Virus Q&A*
07-12-94 18:51:19
From: FRAN MONIZ
To: SYSOP
Subj: NETWORK ANTI-VIRUS
I am looking for an anti-virus program to load onto my Novell Netware
3.12 File Server. I would like it to scan the DOS partition beside the Novell
side. Is there anything out there that does this? I would also like to scan
workstations' floppy drives every time a disk is inserted. Maybe ask for the moon.
Msg#: 7176 *Anti Virus Q&A*
07-12-94 19:37:23
From: ARYEH GORETSKY
To: FRAN MONIZ (Rcvd)
Subj: REPLY TO MSG# 7152 (NETWORK ANTI-VIRUS)
Hello Mr. Moniz,
You can run VIRUSCAN on the DOS partition of your file server, NETShield for
NetWare on your NetWare partition, and VSHIELD with the /ANYACCESS switch on
your workstations to scan floppies as they are accessed.
All programs are available for download from file library <1>.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 7164 *Anti Virus Q&A*
07-12-94 19:14:28
From: ARYEH GORETSKY
To: NICK CHAMPION (Rcvd)
Subj: REPLY TO MSG# 7124 (SWITCH/ADL)
Hello Mr. Champion,
Are any of the drives removable media drives, such as an external floppy drive
or CD-ROM drive?
Regards,
Aryeh Goretsky
Tech Support
Msg#: 7188 *Anti Virus Q&A*
07-13-94 01:11:50
From: ARYEH GORETSKY
To: NICK CHAMPION (Rcvd)
Subj: REPLY TO MSG# 7182 (SWITCH/ADL)
Hello Mr. Champion,
I'm sorry, but your message confused me. Which version of SCAN.EXE are you
running, 2.X or 11X?
Regards,
Aryeh Goretsky
Tech Support
Msg#: 7229 *Anti Virus Q&A*
07-14-94 07:10:18
From: NICK CHAMPION
To: ARYEH GORETSKY (Rcvd)
Subj: REPLY TO MSG# 7188 (SWITCH/ADL)
Scan 2.X, the latest version you have on this board. You just can't type Scan
/adl and expect to scan all drives such as mine C: D: E: F: G: H: I: J: K: L:,
even I: is my CD-ROM drive and those other drives J: K: L: are DoubleSpace drives,
unless you type this at the command line: Scan C: D: E: F: G: H: I: J: K: l:
/sub /all
Msg#: 7258 *Anti Virus Q&A*
07-15-94 11:23:21
From: ARYEH GORETSKY
To: NICK CHAMPION (Rcvd)
Subj: REPLY TO MSG# 7229 (SWITCH/ADL)
Scan 2.X's /ADL switch does not work on PC's with removable drives if there is
no disk/CD-ROM/cartridge in the removable drive. We are aware of this and will
be fixing this in a future release.
Aryeh Goretsky
Tech Support
Msg#: 7289 *Anti Virus Q&A*
07-15-94 23:10:28
From: NICK CHAMPION
To: ARYEH GORETSKY (Rcvd)
Subj: REPLY TO MSG# 7258 (SWITCH/ADL)
My D: E: F: and partitioned drives, when I type at the C:\ scan /adl, it does not
scan D: E: F:, even with the /sub switch or /all switch.
Msg#: 7363 *Anti Virus Q&A*
07-19-94 09:36:04
From: ARYEH GORETSKY
To: NICK CHAMPION (Rcvd)
Subj: REPLY TO MSG# 7289 (SWITCH/ADL)
Right. This is a symptom of the problem.
Aryeh Goretsky
Tech Support
Msg#: 7184 *Anti Virus Q&A*
07-13-94 00:55:35
From: ARYEH GORETSKY
To: KEN DAY (Rcvd)
Subj: REPLY TO MSG# 7178 (OPTION CONFLICTS IN 2.1.210)
Hello Mr. Day,
The documentation is incomplete in that regard--the /POLY switch is like the
/SWAP switch--it cannot be used with any of the "ACCESS" switches such as
/ANYACCESS, /BOOTACCESS, or /FILEACCESS.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 7185 *Anti Virus Q&A*
07-13-94 01:01:02
From: ARYEH GORETSKY
To: DEAN OFFICER (Rcvd)
Subj: REPLY TO MSG# 7179 (INFECTED FILES)
Hello Mr. Officer,
The full-screen editor appeared to clear the screen when I replied to your
message?
Running SCAN with the /REPORT {filename} switch will generate a list of
infected files or system areas.
The Michelangelo virus is spread by booting with an infected floppy diskette in
the A: drive. My recommendation would be to install VSHIELD and tell it to
check the floppy disk drives whenever accessed. This should catch the virus
before students have a chance to reinfect the PC's.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 7245 *Anti Virus Q&A*
07-15-94 02:35:17
From: DEAN OFFICER
To: ARYEH GORETSKY (Rcvd)
Subj: REPLY TO MSG# 7185 (INFECTED FILES)
THKS FOR RPT INFO. WILL PASS TO W.S.U. REVIEWED DOCS AND, WAS AGAIN, A "PLS
READ BEFORE BOTHERING US" IT'S ON PGE ... SORRY, BUT TKS FOR THE INFO WILL
REVIEW IN MORE DETAIL FORTHWITH.
AGAIN THANKS --
DEO
Msg#: 7268 *Anti Virus Q&A*
07-15-94 11:45:41
From: ARYEH GORETSKY
To: DEAN OFFICER (Rcvd)
Subj: REPLY TO MSG# 7245 (INFECTED FILES)
Glad to be of assistance, Mr. Officer.
Aryeh Goretsky
Tech Support
Msg#: 7186 *Anti Virus Q&A*
07-13-94 01:04:07
From: ARYEH GORETSKY
To: CHARLES DEAK (Rcvd)
Subj: REPLY TO MSG# 7180 (RELEASE CANDIDATES?)
Hello Mr. Deak,
According to my "Benjamin Franklin's 1994 Calendar, Farmer's Almanac, and
Antivirus Support Guide" the month of July is only half-begun.
Seriously, the VIRUSCAN Version 117 release should be within three days.
Version 2.1.0 should follow shortly thereafter.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 7239 *Anti Virus Q&A*
07-14-94 16:59:48
From: CHARLES DEAK
To: ARYEH GORETSKY (Rcvd)
Subj: REPLY TO MSG# 7186 (RELEASE CANDIDATES?)
(g) Actually, July is half-over.... 8-)
Thanks for the response.... and info....
Charles Deak
Msg#: 7187 *Anti Virus Q&A*
07-13-94 01:10:44
From: ARYEH GORETSKY
To: BRIAN HARBAUGH (Rcvd)
Subj: REPLY TO MSG# 7181 (LOGINS)
Hello Mr. Harbaugh,
I've put a "keeper" flag on your account to prevent the BBS from purging it.
All you need to do is ask one of the sysops to do this.
The reason that we purge so frequently is because otherwise the userlog gets
very big and it takes a long time for the system to recognize users when they
log in and also some problems with file corruption due to the BBS software
running out of memory. To combat this, we developed a two-prong approach:
1. Set up a GUEST USER account for people who only want to do
file transfers; and
2. Purge the user log every week for accounts over 14 days old.
The former works tremendously, as most people who call us just want to
download the latest version of VirusScan. Probably 75% of the callers never
even read a single message on the BBS.
And even with the latter, we're still running a 6,000-7,000 member user log at
the end of a purge, which indicates that we're still seeing quite a bit of
traffic from people who want to explore the BBS.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 7321 *Anti Virus Q&A*
07-17-94 13:32:29
From: BRIAN HARBAUGH
To: ARYEH GORETSKY
Subj: REPLY TO MSG# 7187 (LOGINS)
Wow, I never realized that you had so much traffic! I wish my board could do
that well. I may not read all the messages all the time due to this being long
distance, but I appreciate being left on the users list. Thanks Brian
Msg#: 7235 *Anti Virus Q&A*
07-14-94 13:08:54
From: AK FIRE SERVICE
To: AK FIRE SERVICE (Rcvd)
Subj: BOGUS MEMORY VIRI
There was nothing other than the previously stated cards in the computer. Is
it possible that the Compaq is just enough out in left field to choke when
virusscan is run?
-Brian Lamb
Msg#: 7262 *Anti Virus Q&A*
07-15-94 11:30:29
From: ARYEH GORETSKY
To: AK FIRE SERVICE (Rcvd)
Subj: REPLY TO MSG# 7235 (BOGUS MEMORY VIRI)
Hello Mr. Lamb,
We should have a new version of VirusScan 2.1.0 out today or tomorrow. I'd
like you to try with that version and see if it fixes this problem.
Aryeh Goretsky
Tech Support
Msg#: 7507 *Anti Virus Q&A*
07-21-94 16:34:25
From: AK FIRE SERVICE
To: ARYEH GORETSKY (Rcvd)
Subj: REPLY TO MSG# 7262 (BOGUS MEMORY VIRI)
Okay, I'll let you know what happens.
-Brian Lamb.
Msg#: 7530 *Anti Virus Q&A*
07-22-94 12:05:06
From: AK FIRE SERVICE
To: ARYEH GORETSKY (Rcvd)
Subj: REPLY TO MSG# 7262 (BOGUS MEMORY VIRI)
Mr. Goretsky, Due to some inhuman ability to do a simple e-mail message, I sent
a reply to you, but inadvertently replied it to myself. Anyway, it is message
number 7525. Thank you.
-Brian Lamb.
Msg#: 7793 *Anti Virus Q&A*
07-29-94 13:40:59
From: ARYEH GORETSKY
To: AK FIRE SERVICE (Rcvd)
Subj: REPLY TO MSG# 7530 (BOGUS MEMORY VIRI)
Okay. I'll look at it.
Aryeh Goretsky
Tech Support
Msg#: 8874 *Anti Virus Q&A*
08-24-94 11:26:15
From: AK FIRE SERVICE
To: ARYEH GORETSKY (Rcvd)
Subj: REPLY TO MSG# 7793 (BOGUS MEMORY VIRI)
Have you come across any information that may help me in this situation?
-Brian Lamb, Ak Fire Service (907)356-5666
Msg#: 9220 *Anti Virus Q&A*
08-31-94 22:24:31
From: ARYEH GORETSKY
To: AK FIRE SERVICE (Rcvd)
Subj: REPLY TO MSG# 8874 (BOGUS MEMORY VIRI)
It seems to be related to both the BIOS and the CPU speed. We're testing a fix
for it internally now.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 7287 *Anti Virus Q&A*
07-15-94 19:46:16
From: STEVE LANNING
To: SYSOP
Subj: VIRUS FOUND!
Hello There!
Your system just hung up on me in the middle of my message and said
*** System Halted By Operator ***... WHY!!!???!!!
Anyway, again... My name is Steve Lanning, a BBS SysOp here in
Charleston, SC. Another local SysOp, a friend of mine, has recently
caught a virus that your v116 was unable to clean. Yet SCAN had
detected the virus and said it was called: [1099]
The file called VIRLIST.TXT did not show any virus with such a name.
However, it did have one called: [109]
The two seem very similar, but file explosion differs a bit.
For instance, his BBS file, RA.EXE filesize should be: 69,604
When the virus attacks, it boosts it to: 70,715
Every explosion is on an average of: 1,111 bytes added.
If we let his system set in DOS after it 'appeared' that the virus
had been cleaned, it would lock up solid as a rock! It hasn't
affected anything other than memory and the more ordinary
filesizes of *.EXE *.OVR *.OVL and said that his X00.SYS was
infected as well. After this 'lockup' occurs, we are forced to do
a cold boot and BOOM, there's the file explosions in EVERY file and
even in some that I don't recall running! It just seems to attack
each and every .EXE, etc.. file that it can find on the HDD...
I can be reached by 2 methods if you'd please let me know if this
is a virus you haven't had before and let me know what I need to
do to send you a copy of it so we may help you crush this one...
BBS: 803-552-6292
Voice: 803-767-3350
I'd appreciate it if someone could get in contact with me about
this virus and what we should do about it. I'm going back to his
home soon with an arsenal of virus scanners and cleaners... I
hope this one can be remedied without further destruction to anyone
else's computers. We've been through hell on this one as we don't
have much experience with virus infections and/or how to handle them.
Thank you for your time and I hope to hear from someone there.
Regards,
Steve Lanning
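The symptom described in this message, executables all growing by about the same number of bytes, can be checked mechanically against a saved directory listing. The sketch below is an added example, not part of the original message and not McAfee code; the file listings are constructed (only the RA.EXE sizes come from the post), and the function names and the 15-byte tolerance are assumptions.

```python
# Extensions named in the post (*.EXE *.OVR *.OVL and X00.SYS); .COM is an added assumption.
EXEC_EXTS = {".EXE", ".OVR", ".OVL", ".SYS", ".COM"}

# Constructed listings: file name -> size in bytes.
# Only the RA.EXE sizes (69,604 and 70,715) are taken from the post.
BASELINE = {
    "RA.EXE": 69604, "RACONFIG.EXE": 151200, "RA.OVR": 204800,
    "X00.SYS": 7432, "PKUNZIP.EXE": 29378, "EDIT.COM": 413,
    "README.TXT": 1200,
}
CURRENT = {
    "RA.EXE": 70715, "RACONFIG.EXE": 152311, "RA.OVR": 205920,
    "X00.SYS": 8543, "PKUNZIP.EXE": 29378, "EDIT.COM": 500,
    "README.TXT": 2311,
}


def extension(name):
    """Return the upper-cased extension including the dot, or '' if none."""
    dot = name.rfind(".")
    return name[dot:].upper() if dot != -1 else ""


def growth_clusters(baseline, current, min_files=3, tolerance=15):
    """Find groups of executables that all grew by nearly the same amount.

    An appending file infector adds its own body to every host, so infected
    files share one growth value. tolerance allows for hosts being padded to
    a 16-byte paragraph boundary first (an assumption; the post only says
    the growth is 1,111 bytes "on an average").
    """
    grown = []
    for name, old_size in baseline.items():
        new_size = current.get(name)
        if new_size is None or extension(name) not in EXEC_EXTS:
            continue  # deleted file or not an executable type
        if new_size > old_size:
            grown.append((new_size - old_size, name))
    grown.sort()

    # Walk the sorted deltas and split whenever the gap exceeds the tolerance.
    groups, group = [], []
    for delta, name in grown:
        if group and delta - group[0][0] > tolerance:
            groups.append(group)
            group = []
        group.append((delta, name))
    if group:
        groups.append(group)

    # A single grown file is ordinary (an update); several with one delta is not.
    return [
        {"min_delta": g[0][0], "max_delta": g[-1][0],
         "files": sorted(name for _, name in g)}
        for g in groups if len(g) >= min_files
    ]


def report(clusters):
    """Format clusters as text lines for a log or console."""
    return [
        "%d files grew by %d-%d bytes: %s"
        % (len(c["files"]), c["min_delta"], c["max_delta"], ", ".join(c["files"]))
        for c in clusters
    ]


if __name__ == "__main__":
    for line in report(growth_clusters(BASELINE, CURRENT)):
        print(line)
```

The baseline has to come from a listing taken while the machine was known to be clean, and the current listing from a boot off a clean DOS diskette.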
Msg#: 7362 *Anti Virus Q&A*
07-19-94 09:35:18
From: ARYEH GORETSKY
To: STEVE LANNING (Rcvd)
Subj: REPLY TO MSG# 7287 (VIRUS FOUND!)
Hello Mr. Lanning,
From time-to-time the BBS shuts itself down for userlog maintenance, file area
scrubbing, and so forth. It may disconnect users when this occurs.
If possible, can you upload a file you suspect is infected to the BBS for
analysis by our programmers? Thank you.
Aryeh Goretsky
Tech Support
Msg#: 7473 *Anti Virus Q&A*
07-20-94 18:42:39
From: STEVE LANNING
To: ARYEH GORETSKY (Rcvd)
Subj: REPLY TO MSG# 7362 (VIRUS FOUND!)
Oh man.. I just cleaned everything with another virus program. It was a nasty
little bugger, but it is gone now and I don't have anything else because your
CLEAN116 forced me to delete the .EXE's.. :( Now my QEMM disks are messed up
for life due to this virus.. But that's life, eh? Sorry...
Msg#: 7667 *Anti Virus Q&A*
07-27-94 00:57:05
From: ARYEH GORETSKY
To: STEVE LANNING
Subj: REPLY TO MSG# 7473 (VIRUS FOUND!)
If it does reappear, can you please send us a copy? Thank you.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 9346 *Anti Virus Q&A*
09-01-94 09:43:44
From: OMACHONU OGALI
To: STEVE LANNING
Subj: REPLY TO MSG# 7473 (VIRUS FOUND!)
MSAV and MWAV are able to find only 1,234 viruses. You should try them; if they
don't work, try Excalibur BBS. They have a list of what products can detect
the most viruses and what kind can detect most viruses found on PCs.
Msg#: 7319 *Anti Virus Q&A*
07-17-94 10:53:42
From: RONALD WHISENHUNT
To: SYSOP
Subj: ALAMEDA VIRUS ??
Scanned system last night and I keep getting a virus message = trace of Alameda
in memory. After tracing and attempting to remove, I located what seems to be
the area. If I rem out the Himem.sys in config.sys there is no problem. From a
clean system I deleted and reexpanded himem.sys from DOS 6.2 but still get the
same message after removing the rem statement from the config.sys file. Is this a
false message or do I need to go deeper? Thanks for your help and fine work.
Msg#: 7431 *Anti Virus Q&A*
07-19-94 21:02:39
From: STEVE DENHAM
To: SYSOP
Subj: NEW VSHIELD
Hello. I was trying out your new vshield, and I wanted to tell you a problem I
had with it. My system is set up to use a Virtual Disk (drive D:) when I want
to. Now, like all vdisks, it's active only when I want it. When I'm starting
my system with your new vshield, Vshield is trying to read my vdisk, and of
course sending back a "drive not responding retry abort fail" choice. So I'm
gonna have to go back to the older version 117, unless you know of a prompt or
switch to disable the reading of the drive.
...... Thanks for your help. Steve!
Msg#: 7643 *Anti Virus Q&A*
07-26-94 23:53:42
From: ARYEH GORETSKY
To: STEVE DENHAM
Subj: REPLY TO MSG# 7431 (NEW VSHIELD)
Hello Mr. Denham,
What options are you running VShield with, and what version of DOS, and what
sort of RAM disk software are you using?
Regards,
Aryeh Goretsky
Tech Support
Msg#: 7559 *Anti Virus Q&A*
07-23-94 10:28:34
From: ALEX PARKER
To: MCAFEE
Subj: VIRUS
Hello, I am experiencing a boot sector virus by the name of Stealth_c. Your
Virus Scan 2.10 E is not able to clean it, nor is your cln117. Sometimes the
virus comes up as the NOPS Virus. It is real weird: after a few attempts to
clean it, the virus detector fails to detect it. But the symptoms, such as
Windows not being able to start with emm386 loaded, persist. After a while,
though, the scan program is able to detect the virus... Weird.
FYI
No problem, I will just repartition my drive.
Thanks Alex
Msg#: 7802 *Anti Virus Q&A*
07-29-94 15:37:05
From: ARYEH GORETSKY
To: ALEX PARKER
Subj: REPLY TO MSG# 7559 (VIRUS)
Hello Mr. Parker,
Try booting from a clean copy of DOS and running the CLEAN-UP program by
typing:
CLEAN C: [GENP] /MAINT
Aryeh Goretsky
Tech Support
Msg#: 7748 *Anti Virus Q&A*
07-28-94 19:02:29
From: GEOFF SMITH
To: MCAFEE TECH SUPPORT
Subj: UPDATING SCAN.EXE
Please advise how to update the scan program. I have the 114 version at
present. I have d/l the scanv117.zip file and unzipped it into a temp
directory (off the scan directory). The virlist.txt is the same size for both
versions and the scan.exe program is almost the same size. Do I simply copy the
new scan.exe over the old one? Rgds
Msg#: 8020 *Anti Virus Q&A*
08-03-94 22:53:20
From: ARYEH GORETSKY
To: GEOFF SMITH (Rcvd)
Subj: REPLY TO MSG# 7748 (UPDATING SCAN.EXE)
Hello Mr. Smith,
That is correct. You copy the new files over the old ones.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 7835 *Anti Virus Q&A*
07-30-94 10:25:34
From: BRAD BECKENHAUER
To: SYSOP
Subj: NETSHLD 160
RE: NETSHLD 160 with virdata 117 I recently installed your Netshield 1160 and
used the updated virus file 117 on a Netware 3.11 server. I decided to test
the new NLM and obtained a copy of an infected file with the virus 4096-D. The
NLM caught the first attempt to copy the virus to the server and notified the
appropriate personnel and moved the file as requested. I then copied the same
virus to the same location using the same command 'COPY C:\SETUP.EXE H:\'.
SETUP.EXE being the file infected with the 4096-D virus. The NLM did NOT catch
the second or subsequent copies. It would catch when I attempted to copy
another infected file with the [JER] virus. I've read the docs and can't find
anything in the setup or Novell configuration wrong. Any suggestions? Thanks
Brad.
Msg#: 7888 *Anti Virus Q&A*
08-01-94 07:42:28
From: KELLY LUCAS
To: BRAD BECKENHAUER (Rcvd)
Subj: REPLY TO MSG# 7835 (NETSHLD 160)
Brad,
That's interesting the Netshield would detect the virus on the first copy, but
not on subsequent copies. It should detect each time you attempt to copy it
over. What happens if you attempt to copy the same file "setup.exe" from the
server to a workstation?
Lucas
Msg#: 8003 *Anti Virus Q&A*
08-03-94 07:03:56
From: BRAD BECKENHAUER
To: KELLY LUCAS (Rcvd)
Subj: REPLY TO MSG# 7888 (NETSHLD 160)
Lucas,
I tried copying the infected file (Setup.exe) from the network drive to a
workstation and it both worked and didn't. Let me explain.

Configuration: Netshield 1.60 with V-Dat file 117. Action on detect: Move Scan
Incoming files, Warn User=Yes, CRC=OFF, Novell Messages set ON (CASTON). Drive
H: is a Novell 3.11 Network drive with rights: RWCEMF.

1st Test:
copy b:\setup.exe h:\ - File copied.
copy h:\setup.exe b:\ - File copied.
del b:\setup.exe - Disk is now blank
Change netshield to scan both incoming and outgoing
copy h:\setup.exe b: - Dos reports file not found, No Netshield msg, file was just there.
dir H:\ - File Missing (setup.exe)
Ran Novell Salvage Utility - Recovered SETUP.EXE
Ran SCAN V112 SCAN H:\ - No Virus found but DIR H:\ Shows the file is there.
Copy H:\setup.exe b:\ - File copied, ran scan on diskette from a different
workstation. No virus found. Interesting!

2nd Test: No virus on network. Scanning incoming files
Copy B:\setup.exe H:\ - Netshield msg, file moved
Copy b:\setup.exe h:\ - Same
Copy b:\setup.exe h:\ - Same
copy b:\setup.exe h:\ - Same
Copy b:\setup.exe h:\ - Same
Copy b:\setup.exe h:\ - File Copied! No netshield msg.

FYI setup.exe is reported as being infected with the 4096-D/Invader virus.
I'll check back later and see if ya have any comments. Brad
Msg#: 8066 *Anti Virus Q&A*
08-04-94 10:04:03
From: KELLY LUCAS
To: BRAD BECKENHAUER (Rcvd)
Subj: REPLY TO MSG# 8003 (NETSHLD 160)
Brad,
There have been some cases of reported problems of scanning incoming files with
Netshield, and we believe it occurred under certain network configurations. Our
programmer addressed this issue, and has written a new version of Netshield that
should correct this problem.
The new version is 1.61, and is available on our BBS as a beta product. Please
download the product and see if it corrects the problem for you. Don't be
alarmed if you see some debugging information on the screen, that will be
removed when the product is released.
Lucas
Msg#: 8182 *Anti Virus Q&A*
08-08-94 19:45:55
From: ARYEH GORETSKY
To: BRAD BECKENHAUER (Rcvd)
Subj: REPLY TO MSG# 7835 (NETSHLD 160)
Hello Mr. Beckenhauer,
Have you installed the files from STRTL3.EXE and LIBUP3.EXE? These Novell
supplied patch files fix bugs in the NetWare OS that NETShield exercises.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 7845 *Anti Virus Q&A*
07-30-94 14:27:43
From: ROBERT LOVE
To: SYSOP
Subj: VIRUS ON ZIFFNET FOR PRODIGY
I was the unlucky one who downloaded the recent virus on Ziffnet for Prodigy. I
am still waiting for the Fed Ex package of Norton 3.0 to arrive. The file name I
downloaded was AWORDS.ZIP; I deleted the file or I would upload it to you. I run a
BBS, and this is not good news for me, as your software does not detect the virus,
I have been told. The infected machine is offline until I can get software
that will disinfect it. I thought I would let you know just in case Ziffnet
did not contact you with the new virus, so that you can contact them and obtain
the information you need to add it to your library. Thanks, Robert Love, Sysop of
LoveData BBS (801) 776-3459 Voice 801-776-4433 Work 801-779-7008
RLOVE@RUSHNET.COM InterNet FHSE03A Prodigy. BTW, the virus did not hit the BBS
system.
Msg#: 8189 *Anti Virus Q&A*
08-08-94 21:49:39
From: ARYEH GORETSKY
To: ROBERT LOVE
Subj: REPLY TO MSG# 7845 (VIRUS ON ZIFFNET FOR PRODIGY)
Hello Mr. Love,
Which virus are you referring to? What does SCAN report when it checks your
system for viruses?
Regards,
Aryeh Goretsky
Tech Support
Msg#: 7874 *Anti Virus Q&A*
08-01-94 00:01:43
From: DAVID DUBERMAN
To: ALL
Subj: STAMFORD
What is the command to fix the partition table, thus removing the Stamford
virus? I think it's Fdisk or chkdsk with an undocumented switch. Thanks
Msg#: 7901 *Anti Virus Q&A*
08-01-94 08:28:43
From: KELLY LUCAS
To: DAVID DUBERMAN
Subj: REPLY TO MSG# 7874 (STAMFORD)
David,
Yes, FDISK /mbr will inadvertently overwrite the virus.
Lucas
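FDISK /MBR replaces only the boot code at the start of the hard disk's first sector and goes on using the partition table stored in that same sector, so it is worth confirming that the table in place is sane before relying on it. The check below is an added example, not part of the original messages and not McAfee code; it works on a saved 512-byte copy of sector 0, and the sample sectors, function names and specific checks are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446        # bytes 0..445 hold the master boot code
ENTRY_LEN = 16            # four 16-byte partition entries follow it
SIGNATURE = b"\x55\xaa"   # last two bytes of a valid sector 0
ENTRY_FMT = "<B3sB3sII"   # boot flag, CHS start, type, CHS end, start LBA, sector count


def make_sector(entries, signature=SIGNATURE):
    """Build a constructed sector-0 image from (flag, type, start, count) tuples."""
    table = b"".join(
        struct.pack(ENTRY_FMT, flag, b"\0\0\0", ptype, b"\0\0\0", start, count)
        for flag, ptype, start, count in entries
    )
    return bytes(TABLE_OFFSET) + table.ljust(4 * ENTRY_LEN, b"\0") + signature


def parse_partition_table(sector):
    """Decode the four partition entries of a 512-byte sector-0 image."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    entries = []
    for i in range(4):
        flag, _, ptype, _, start, count = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFFSET + i * ENTRY_LEN)
        entries.append({"index": i, "boot_flag": flag, "type": ptype,
                        "start_lba": start, "sectors": count})
    return entries


def table_problems(sector):
    """Return a list of reasons the partition table looks unusable (empty if none)."""
    entries = parse_partition_table(sector)
    problems = []
    if sector[510:512] != SIGNATURE:
        problems.append("missing 55 AA signature")
    used = [e for e in entries if e["type"] != 0]
    if not used:
        problems.append("no partition entries")
    for e in entries:
        if e["boot_flag"] not in (0x00, 0x80):
            problems.append("entry %d: boot flag 0x%02X" % (e["index"], e["boot_flag"]))
    if sum(e["boot_flag"] == 0x80 for e in entries) > 1:
        problems.append("more than one active partition")
    for e in used:
        if e["start_lba"] == 0 or e["sectors"] == 0:
            problems.append("entry %d: zero start or length" % e["index"])
    # Partitions must not overlap one another on disk.
    spans = sorted((e["start_lba"], e["start_lba"] + e["sectors"], e["index"])
                   for e in used)
    for (_, end1, i1), (start2, _, i2) in zip(spans, spans[1:]):
        if start2 < end1:
            problems.append("entries %d and %d overlap" % (i1, i2))
    return problems


# Constructed sample: one active FAT16 partition followed by an extended partition.
GOOD_SECTOR = make_sector([(0x80, 0x06, 63, 409185), (0x00, 0x05, 409248, 204624)])
# Constructed sample: sector 0 whose table area does not contain a real table.
SCRAMBLED_SECTOR = bytes((i * 7 + 3) % 256 for i in range(SECTOR_SIZE))

if __name__ == "__main__":
    for label, image in (("good", GOOD_SECTOR), ("scrambled", SCRAMBLED_SECTOR)):
        print(label, table_problems(image) or "table looks consistent")
```

Run it on a copy of sector 0 taken after booting from a clean DOS diskette; a non-empty result means the table in place should not be trusted as the disk's real layout.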
Msg#: 7986 *Anti Virus Q&A*
08-02-94 18:36:26
From: GEOFF SMITH
To: TECH SUPPORT
Subj: UPDATING SCAN.EXE
Pls advise how to update scan.exe. (See msg 7748 as yet no reply). After d/l
scan117.zip and unzipping it, what do I do with the new scan.exe file. Do I
just copy it OVER the existing scan.exe (from version 113) ?. What is new
about ver 117? The virlst.txt is the same size and the executable is almost
the same size. I don't understand what is new? Rgds
Msg#: 8000 *Anti Virus Q&A*
08-03-94 06:53:26
From: KELLY LUCAS
To: GEOFF SMITH (Rcvd)
Subj: REPLY TO MSG# 7986 (UPDATING SCAN.EXE)
Geoff,
Well, you may copy the new scan over the old; however, you may want to keep a
copy of the old just in case you encounter problems with the new scanner.
Lucas
Msg#: 8080 *Anti Virus Q&A*
08-04-94 12:45:59
From: DAN WISE
To: ALL
Subj: HANGUPS WITH VSHIELD 210E
I installed the new Vshield on my 486 system and found that it hangs when I try
to run QEMM Optimize, Manifest, or Windows. I found that I could load it with
the Noems switch and prevent the hangs, but I then end up losing about 40k of
conventional memory, as only part of the program loads into xms. However,
without the noems switch, a much greater portion of the program loads into ems
and only 8k of conventional is taken up. I am running QEMM 6.0. Is there a
way to get the program to load into extended memory? Thank you.
Dan
Msg#: 8106 *Anti Virus Q&A*
08-05-94 07:56:51
From: KELLY LUCAS
To: DAN WISE (Rcvd)
Subj: REPLY TO MSG# 8080 (HANGUPS WITH VSHIELD 210E)
Dan,
When loading VShield into extended memory, it may not be able to utilize as
much memory as VShield does when using expanded memory; however, if you have
enough upper memory available, and have the statement:
DOS=HIGH,UMB...then the remaining portion of VShield will load into
upper memory instead of conventional memory.
I hope this helps,
Lucas
Msg#: 8176 *Anti Virus Q&A*
08-08-94 16:12:43
From: DAN WISE
To: KELLY LUCAS (Rcvd)
Subj: REPLY TO MSG# 8106 (HANGUPS WITH VSHIELD 210E)
Kelly,
To refresh your memory, I was questioning about how to get Vshield to load with
QEMM running. From your response, I gather that you are not familiar with the
problem. Has anyone else done a workaround for not being able to utilize the
expanded memory, and thus not getting everything loaded high? I apparently do
not have enough UMB left to get the remaining portion of the program into
those blocks. Thanks.
Dan
Msg#: 8333 *Anti Virus Q&A*
08-11-94 00:16:39
From: KELLY LUCAS
To: DAN WISE
Subj: REPLY TO MSG# 8176 (HANGUPS WITH VSHIELD 210E)
Dan,
Thanks for refreshing my memory.
The only time I've seen VShield not load into upper memory when there was
enough contiguous upper memory blocks available, was cases that had:
DOS=HIGH
instead of:
DOS=HIGH,UMB
The second statement allowed VShield to load into upper memory.
All other cases were those users who didn't have enough upper memory to load
VShield. Check and see if the amount of memory used by VShield in contiguous
memory exceeds or is nearly equal to the largest contiguous block of upper
memory available.
Let me know,
Kelly
Msg#: 8396 *Anti Virus Q&A*
08-13-94 10:18:00
From: RICHARD ROGERS
To: DAN WISE
Subj: REPLY TO MSG# 8176 (HANGUPS WITH VSHIELD 210E)
>expanded memory, and thus not getting everything loaded high? I apparently do
>not have enough UMB left to get the remaining portion of the program into
>those blocks. Thanks.
I use Qemm 6.? and 8 Meg of RAM. Even with enough UMB space
to load high VShield 2.1.0 locks if loaded using either UMB or
EMS.
Msg#: 8104 *Anti Virus Q&A*
08-05-94 07:31:01
From: CASEY KELLY
To: WHO CAN HELP..
Subj: HAVE YOU SEEN?
I have a system that will not let you get to certain dir. You can pull most
directories up and they work fine. But 2 dirs. you can not open a file. When
you try to open a file the system hangs! (This is in 123) You can use 123 to
open files in other dirs. but not in the two that, of course, are needed.
Other programs work fine. I checked the size of command.com and it is correct.
THANKS FOR YOUR HELP... John Kelly
Msg#: 8114 *Anti Virus Q&A*
08-05-94 09:42:59
From: KELLY LUCAS
To: CASEY KELLY
Subj: REPLY TO MSG# 8104 (HAVE YOU SEEN?)
John,
I'm not familiar with these symptoms being related to a virus I'm aware of.
Have you run our scanner against your system to search for viruses? If so,
what version did you run? With what parameters?
Lucas
Msg#: 8406 *Anti Virus Q&A*
08-13-94 17:47:19
From: ARYEH GORETSKY
To: CASEY KELLY
Subj: REPLY TO MSG# 8104 (HAVE YOU SEEN?)
What are the names of the directories, Mr. Kelly?
Aryeh Goretsky
Tech Support
Msg#: 8623 *Anti Virus Q&A*
08-14-94 07:20:00
From: DICK REICH
To: CASEY KELLY
Subj: REPLY TO MSG# 8104 (HAVE YOU SEEN?)
CK┤I have a system that will not let you get to certain dir. You can pull most
┤directories up and they work fine. But 2 dirs. you can not open a file. Wh
┤you try to open a file the system hangs! (This is in 123) You can use 123 t
Casey - Have you run CHKDSK on this drive, this may be just a system
table problem rather than a virus.
Dick.
Msg#: 8134 *Anti Virus Q&A*
08-06-94 01:26:30
From: KEN TEAGUE
To: MCAFEE ASSOCIATES
Subj: ZIP FILE SCANNING
When is SCAN and CLEAN going to have support for archived files? Is there a
date yet? Since you run a TBBS are you going to make a shell to scan uploaded
files specifically for TBBS?!! <8^)
Ken Teague
please! I would like it for my future TBBS.
Msg#: 8254 *Anti Virus Q&A*
08-09-94 09:40:16
From: KELLY LUCAS
To: KEN TEAGUE (Rcvd)
Subj: REPLY TO MSG# 8134 (ZIP FILE SCANNING)
Ken,
Still no date set for the scanning of ZIP files.
Lucas
Msg#: 8145 *Anti Virus Q&A*
08-07-94 00:13:22
From: COLIN FOSS
To: SYSOP
Subj: JUNKIE VIRUS
I was wondering if you have an answer to my problem. Scan v117 has detected the
"JUNKIE" virus on my system. I use Clean v117 to remove the virus which I had
to delete my COMMAND.COM and other files that had the .COM file extension. I
reinstalled a copy of DOS 6.2 which was copy protected into my system. I ran
SCAN v117 again and the virus again showed up. I deleted my hard drive
partition and created a new one, and reformatted the hard drive. Ran scan v117
again and it did not detect it. I ran scan one more time just to make
sure...and still was not infected. I reinstalled DOS 6.2 and ran scan again,
and guess what, it was back. I did this procedure numerous times with different
DOS disks as well as different versions....HOW CAN I GET RID OF IT!??
HELP!
Colin Foss
Msg#: 8149 *Anti Virus Q&A*
08-07-94 11:18:28
From: GEOFF SMITH
To: TECH SUPPORT
Subj: SCAN.EXE VERSION 2.1
Scan version 2.1 is certainly very fast. It scanned "all" 3568 files on one
of my drives in 46 secs. This was with the /all switch. However, does it scan
inside zipped files? as the CPAV system does. Even at the fast speed I expected
some indication that it was temporarily unzipping these files, but I got no
such indication. rgds
Msg#: 8172 *Anti Virus Q&A*
08-08-94 11:21:21
From: JOHNSON CONTROLS
To: ARYEH GORETSKY (Rcvd)
Subj: JOHNSON CONTROLS INC
Mr Goretsky,
I'm a technical support person for our office in Manchester Mi. We have a
license agreement with your company but I don't have our license number here
with me. I have encountered a Monkey virus and was told that you have a
special Clean-up file for it. Please let me know what its name is so that I
may DL it and get this mess cleaned up. Thanks for your help.
Shelby Jeffords Johnson Controls Tech.
Msg#: 8461 *Anti Virus Q&A*
08-15-94 00:29:30
From: ARYEH GORETSKY
To: JOHNSON CONTROLS (Rcvd)
Subj: REPLY TO MSG# 8172 (JOHNSON CONTROLS INC)
Hello Mr. Jeffords,
The file you are looking for is KILLMONK. It can be downloaded from the Third
Party Antivirus File Area.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 8234 *Anti Virus Q&A*
08-09-94 00:57:19
From: JIM HIRSCHY
To: ALL
Subj: ANTIEXE
I just ran the SCAN 2.1.0 on my system and it said it was infected with the
ANTIEXE virus but when I tried to clean it, it said there is no removal for it
yet. FDISK /MBR got rid of it but...any news on it? Any other way to get rid of
it as formatting a diskette to dump it is kind of final? Enjoy!
Jim H.
Msg#: 8501 *Anti Virus Q&A*
08-15-94 23:34:59
From: ARYEH GORETSKY
To: JIM HIRSCHY
Subj: REPLY TO MSG# 8234 (ANTIEXE)
Hello Mr. Hirschy,
This is a boot virus from South Africa, I believe. Over the past month we have
received several calls concerning it.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 8237 *Anti Virus Q&A*
08-09-94 05:44:24
From: RICK ROMAN
To: SYSOP
Subj: NETWARE BINDERY
WE ARE TESTING NETSHIELD V1.56 ON A DEVELOPMENT FILE SERVER USING NOVELL 3.11.
NETSHIELD DETECTED A CHANGE IN BINDERY FILES SIZES AND HAS MOVED THEM TO THE
INFECTED DIRECTORY. DUE TO THIS NO ONE IS ABLE TO SIGN ON TO THIS SERVER.
PLEASE CONTACT RICK ROMAN AT 315-738-4916.
Msg#: 8272 *Anti Virus Q&A*
08-09-94 20:17:57
From: DAVID HANKINSON
To: ALL
Subj: JERUSALEM
A friend of mine, running an old 286, has had her system infected with the
Jerusalem virus - discovered using the latest version of SCAN. I have deleted
the offending file, SETUP.EXE in Windows, but SCAN /CLEAN has not restored
things to normal. Perhaps it isn't supposed to. What I need to know is what
this virus has done to the system and how can I, if possible, rectify the
gibberish it is putting on the screen. The system works as it's always worked
- only the screen prints gibberish (mostly dollar signs). Booting from a clean
bootable diskette doesn't solve the problem. I'm guessing the virus has done
something to the CMOS? Any help would be appreciated. Cheers....
Msg#: 8346 *Anti Virus Q&A*
08-11-94 11:01:53
From: RAUL DURAN
To: SYSOP
Subj: HELP - NATAS!!!
Have you heard about the NATAS (or SATAN) virus?
Where can I get the antivirus or the detector?
Help!!!! Thanks!!!
Msg#: 8543 *Anti Virus Q&A*
08-16-94 00:45:50
From: ARYEH GORETSKY
To: SYSOP
Subj: REPLY TO MSG# 8346 (HELP - NATAS!!!)
** Message forwarded by RAUL DURAN at 16:54:18 on 08-18-94 **
Thanks!!!
I'm in San Diego, CA. One of my customers at Tijuana caught the NATAS-Virus,
so... I got the AV from a friend in Mexico City.
[Original Message Follows]
Hello Mr. Duran,
Are you in the U.S. or Mexico? We have had many reports of the virus from
Mexico and our Mexico City office has become something of an expert in dealing
with this virus.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 8403 *Anti Virus Q&A*
08-13-94 10:12:49
From: LANCE BERNARD
To: 8904
Subj: SLIPSCAN & 210
I recently ran 210 against the slipscan virus (a TPE/DGME virus). The first
time I ran it, it caught 100% of the infected files (all 1000 of them) and I
was thrilled. The program correctly identified them as the TPE virus. Then I
tried it the next day for the heck of it, and it caught none of 18
second-generation files. Then I ran version 114 against the same 18 and it
caught all of them. What gives? Why did 210 work so well the first time, and
not the second. Now I don't have too much confidence in 210, and I'll continue
to use my 114 (but I just downloaded 117, and I might use that). Actually, I
like 210 -- it's fast and easy to use; but right now it doesn't seem to be as
reliable as your older scanning programs. Any comments on this would be
appreciated. Lance (a faithful user)
Msg#: 8565 *Anti Virus Q&A*
08-16-94 01:03:58
From: ARYEH GORETSKY
To: LANCE BERNARD (Rcvd)
Subj: REPLY TO MSG# 8403 (SLIPSCAN & 210)
Hello Mr. Bernard,
I have not heard of this virus before. Can you please upload a few copies for
analysis by our programmers? Thank you.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 8673 *Anti Virus Q&A*
08-18-94 21:21:04
From: LANCE BERNARD
To: ARYEH GORETSKY (Rcvd)
Subj: REPLY TO MSG# 8565 (SLIPSCAN & 210)
I'll try to, but I've never uploaded anything before, so I don't know if I can.
Please let me know if you'd like the source code, the non-mutated virus com
file, or the mutated file. Or all of them. By the way, it's a non-harmful com
file virus which infects only the current directory, so it's sort of
handy for testing out scanners. Like I said earlier, 114 (and 117) detected all
mutations as the TridenT virus (correctly), and 210 detected the non-mutated
form just fine as the TPE virus. Anyhow, just let me know which one(s) you'd
like. Oh... and also... it comes with the program disk for the book "Computer
Viruses, Artificial Life, and Evolution" by Mark Ludwig. I'll upload when you
let me know what you want (I have to find the correct files before uploading).
Thanks, Lance
Msg#: 9025 *Anti Virus Q&A*
08-28-94 23:46:40
From: ARYEH GORETSKY
To: LANCE BERNARD (Rcvd)
Subj: REPLY TO MSG# 8673 (SLIPSCAN & 210)
Hello Mr. Bernard,
Can you please upload all files? You can go to the file area and select item
<U> to upload them. Thank you.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 8448 *Anti Virus Q&A*
08-14-94 17:43:29
From: TED STAUB
To: SYSOP
Subj: HOW TO UPLOAD INFECTED FLOPPY.
Hello, My roommate had just found out that a floppy he had used to install
software was infected with the monkey virus. He ran your scan and several
others to make sure there was no error in the detection. I had mentioned to
him that he should upload the floppies of files to your bbs for your
examination. I would like to first make sure I can do this. I had thought or
seen that there is a certain set aside just for this kind of uploading.
Second, his computer is down for the time being and I thought I might upload
it. But, how in the world would I upload infected files from my computer
without catching them myself? I am interested in helping you out by uploading
infected files, but this seems to be quite a risk to me. So, can you tell me
how and even if it is worth it for this particular virus. Since, you already
have the clean program to wipe it out.
Thanks,
Ted R. Staub
Msg#: 8780 *Anti Virus Q&A*
08-22-94 22:25:19
From: ARYEH GORETSKY
To: TED STAUB
Subj: REPLY TO MSG# 8448 (HOW TO UPLOAD INFECTED FLOPPY.)
Can you make a DISKCOPY instead and mail that to the address in the VirusScan
documentation? Thanks!
Regards,
Aryeh Goretsky
Tech Support
Msg#: 8449 *Anti Virus Q&A*
08-14-94 18:52:13
From: JEFF PIRKEY
To: SYSOP
Subj: B1 VIRUS
Hey,
I ran into the B1 virus on one of my machines. My others aren't infected
yet. Where should I go from here?
Thanks
Jeff Pirkey
Msg#: 8781 *Anti Virus Q&A*
08-22-94 22:25:59
From: ARYEH GORETSKY
To: JEFF PIRKEY
Subj: REPLY TO MSG# 8449 (B1 VIRUS)
Use the CLEAN-UP program to remove it by booting from a clean copy of DOS,
inserting the disk with CLEAN.EXE, and typing:
CLEAN C: [GENP]
and pressing Enter. That should remove the virus just fine.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 8479 *Anti Virus Q&A*
08-15-94 10:09:55
From: KEN TEAGUE
To: RICHARD ROGERS (Rcvd)
Subj: RE: VSHIELD & LOCK-UP...
Richard Rogers writes:
RR >I use Qemm 6.? and 8 Meg of RAM. Even with enough UMB space to load high
RR >VShield 2.1.0 locks if loaded using either UMB or EMS.
Mr. Rogers,
The problem isn't VShield... it's QEMM. I recently found out, from
documentation that came with the BBS software that I am using now, that if
you're using the DEVICE=QEMM386.SYS RAM statement in your CONFIG.SYS you're
"playing with fire". As quoted from Digital Dynamics (authors of Synchronet
BBS):
>On every system configuration tested at Digital Dynamics, DESQview (or even
>just plain DOS) will eventually crash with this CONFIG.SYS line.
>
>The problem is that QEMM is using memory regions that other components of
>your systems are also trying to use and therefore you may not be getting all
>the available upper memory possible. This is important if you need to load
>TSRs, device drivers, or network drivers into high memory to leave as much
>DOS base memory as possible.
This is probably what's happening with you. I can go on further and quote it
more but I think it'd be less time consuming if I upload it as a prepared
message. I'll title it as QEMM MANAGEMENT ERRORS.
Ken Teague
Msg#: 8497 *Anti Virus Q&A*
08-15-94 23:04:04
From: KEN TEAGUE
To: ALL
Subj: QEMM MANAGEMENT ERRORS...
Experience has shown that problems with DESQview usually have nothing to do
with DESQview and everything to do with QEMM.
The default QEMM config.sys line is "DEVICE=QEMM386.SYS RAM". If you are using
this config.sys line, you are playing with fire. On every system configuration
tested at Digital Dynamics, DESQview (or even just plain DOS) will eventually
crash using this config.sys line.
The problem is that QEMM is using memory regions that other components of your
systems are also trying to use. This is bad. QEMM may also not be using memory
regions that are not in use and therefore you may not be getting all the
available upper memory possible. This is important if you need to load TSRs,
device drivers, or network drivers into high memory to leave as much DOS base
memory as possible.
An example config.sys:
1: shell=c:\dos\command.com /e:1024 /p
2: stacks=0,0
3: buffers=5
4: files=50
5: lastdrive=m
6: device=c:\dev\qemm386.sys ram x=b800-c7ff i=f000-f7ff i=fd00-fdff
7: device=c:\dev\loadhi.sys c:\dev\smartdrv.sys 1024
8: device=c:\dev\loadhi.sys c:\dev\ramdrive.sys 4096 256 512 /e
9: device=c:\dev\loadhi.sys c:\dev\ansi.sys
Remember, this example config.sys will probably NOT work in your system. It
does however work in one specific system. The right config.sys line for your
system will need to be determined by you. Keep reading to find out how to make
that determination.
Note line 6, where QEMM386.SYS is loaded. The extra parameters after "ram" are
specifying that QEMM exclude (not use) the memory region B800h through C7FFh
and that QEMM should include (use) the memory regions F200h through F2FFh and
F400h through F6FFh.
The "x=b800-c7ff" part of the line is VERY IMPORTANT. Without this parameter,
this particular system will eventually crash under DESQview or even DOS alone
under some circumstances. The crash will manifest itself differently with
different system configurations. It may give you a "QEMM protection violation"
or "Invalid instruction", or "NO ROM BASIC - SYSTEM HALTED", or it just may
suddenly freeze.
The "i=nnnn-nnnn" parameters in the line tell QEMM to include (use) these
memory regions for more available high memory. You should NOT use the inclusion
parameter unless you are positive that no component of your system will try to
use that memory region (including your system BIOS).
There is a Quarterdeck program called "Optimize" that is supposed to figure
what to include and what to exclude in your config.sys, but don't waste your
time. We've run "Optimize" on over 10 different system configurations and when
it didn't crash the system, it never produced a config.sys that wouldn't
eventually crash.
So how do you figure what to include and exclude? By using the QEMM.COM utility
with the "analysis" parameter. The first time you run "qemm analysis", you'll
see something like this:
╔═══════════════════════════════════╗
║ Area Size Status ║
║ 0000 - C2FF 780K OK ║
║ C300 - C7FF 20K Include ║
║ C800 - EFFF 160K OK ║
║ F000 - F1FF 8K Include ║
║ F200 - F2FF 4K OK ║
║ F300 - F3FF 4K Include ║
║ F400 - F6FF 12K OK ║
║ F700 - F8FF 8K Include ║
║ F900 - FAFF 8K OK ║
║ FB00 - FBFF 4K Include ║
║ FC00 - FCFF 4K OK ║
║ FD00 - FDFF 4K Include ║
║ FE00 - FFFF 8K OK ║
╚═══════════════════════════════════╝
The regions with the status "OK" mean that QEMM is dealing with it correctly.
It is either NOT using the region because another resource is using it or it is
using the region and no other resource has tried to use it since you booted.
The regions with the status of "Include" mean that QEMM is not using the region
and no other resource has tried to use it since you booted.
The regions with the status of "Exclude" (none listed above) mean that QEMM is
using the region and another resource has tried to use that region at the same
time. This region must be manually excluded with the "x=nnnn-nnnn" parameter on
your config.sys line.
Now don't be fooled by all the "Include" regions above in that box. As you use
the system, those regions will shrink, split, or disappear altogether. After
executing "qemm analysis" (producing the above output) and then accessing a
floppy drive, the "Include" regions already begin to disappear:
╔═══════════════════════════════════╗
║ Area Size Status ║
║ 0000 - C2FF 780K OK ║
║ C300 - C7FF 20K Include ║
║ C800 - EFFF 160K OK ║
║ F000 - F1FF 8K Include ║
║ F200 - F2FF 4K OK ║
║ F300 - F3FF 4K Include ║
║ F400 - F6FF 12K OK ║
║ F700 - F8FF 8K Include ║
║ F900 - FCFF 16K OK ║
║ FD00 - FDFF 4K Include ║
║ FE00 - FFFF 8K OK ║
╚═══════════════════════════════════╝
After switching into every available video mode and running "qemm analysis"
again:
╔═══════════════════════════════════╗
║ Area Size Status ║
║ 0000 - C5FF 792K OK ║
║ C600 - C6FF 4K Include ║
║ C700 - EFFF 164K OK ║
║ F000 - F1FF 8K Include ║
║ F200 - F2FF 4K OK ║
║ F300 - F3FF 4K Include ║
║ F400 - F6FF 12K OK ║
║ F700 - F8FF 8K Include ║
║ F900 - FCFF 16K OK ║
║ FD00 - FDFF 4K Include ║
║ FE00 - FFFF 8K OK ║
╚═══════════════════════════════════╝
After typing "echo ^g" at the DOS prompt (^g stands for Ctrl-G) and then
running "qemm analysis" again:
╔═══════════════════════════════════╗
║ Area Size Status ║
║ 0000 - C5FF 792K OK ║
║ C600 - C6FF 4K Include ║
║ C700 - EFFF 164K OK ║
║ F000 - F1FF 8K Include ║
║ F200 - F2FF 4K OK ║
║ F300 - F3FF 4K Include ║
║ F400 - F6FF 12K OK ║
║ F700 - F7FF 4K Include ║
║ F800 - FCFF 20K OK ║
║ FD00 - FDFF 4K Include ║
║ FE00 - FFFF 8K OK ║
╚═══════════════════════════════════╝
As you can see, just about every system function will affect the regions that
QEMM thinks you can safely include. It is a good idea to run just about every
application you can and access every device on your system before deciding that
the information provided by "qemm analysis" may be accurate and usable.
If "qemm analysis" ever reports a region with the status of "Exclude", do not
question it. Immediately edit your config.sys excluding that region and reboot.
If, for example, "qemm analysis" reports:
╔═══════════════════════════════════╗
║ Area Size Status ║
║ 0000 - C5FF 792K OK ║
║ C600 - C6FF 4K Include ║
║ C700 - EFFF 164K OK ║
║ F000 - F1FF 8K Exclude ║
║ F200 - F2FF 4K OK ║
║ F300 - F3FF 4K Include ║
║ F400 - F6FF 12K OK ║
║ F700 - F7FF 4K Include ║
║ F800 - FCFF 20K OK ║
║ FD00 - FDFF 4K Include ║
║ FE00 - FFFF 8K OK ║
╚═══════════════════════════════════╝
Edit your config.sys file adding "x=f000-f1ff" at the end of your
"device=qemm386.sys" line. Then reboot your system.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
So... as you can see, QEMM's memory management isn't all that great at all. I'm
sure I'm gonna get some messages from people saying, "I use QEMM and haven't
had a problem with it yet!" but those are the same people that fall victim to
DOS DoubleSpace problems. Yes, DOS DoubleSpace is TROUBLE! I do use DOS EMM
though... it seems to work just fine and I haven't heard of anyone having
problems with it... or at least it locking up a computer numerous times... and
with a specific program. I'm sure all you would rather not hear my technical
nightmares so I'll spare ya. 8^) I hope this helps a lot of you out. I'm not
trying to push you away from QEMM but it doesn't do an efficient job. It
CHEATS to give extra memory. I'll leave it at that.
Ken Teague
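The procedure described in the message above, as an added Python example (not part of the original post, and not Quarterdeck or Digital Dynamics code): it parses several "qemm analysis" screens, collects every region ever reported "Exclude", and keeps as "i=" candidates only the regions that stayed "Include" in every screen. That intersection rule and the function names are this example's own assumptions; the two sample screens are the first and last tables from the post.

```python
import re

# One table row: "C300 - C7FF   20K   Include" (box-drawing characters are ignored).
ROW = re.compile(
    r"([0-9A-Fa-f]{4})\s*-\s*([0-9A-Fa-f]{4})\s+(\d+)K\s+(OK|Include|Exclude)")


def parse_snapshot(text):
    """Return {status: set of 4K page numbers} for one 'qemm analysis' screen."""
    pages = {"OK": set(), "Include": set(), "Exclude": set()}
    for line in text.splitlines():
        m = ROW.search(line)
        if not m:
            continue
        start, end = int(m.group(1), 16), int(m.group(2), 16)
        size_k, status = int(m.group(3)), m.group(4)
        # Areas are segment addresses (16-byte paragraphs); cross-check the size
        # column so a mistyped row is caught instead of silently trusted.
        if (end - start + 1) * 16 != size_k * 1024:
            raise ValueError(f"size mismatch in row: {line.strip()}")
        pages[status].update(range(start >> 8, (end >> 8) + 1))
    return pages


def to_ranges(pages):
    """Merge 4K page numbers into (first_segment, last_segment) runs."""
    runs = []
    for p in sorted(pages):
        if runs and runs[-1][1] + 1 == p:
            runs[-1][1] = p
        else:
            runs.append([p, p])
    return [(a << 8, (b << 8) | 0xFF) for a, b in runs]


def recommend(snapshots):
    """Return (exclude_params, include_candidates) for the qemm386.sys line."""
    if not snapshots:
        raise ValueError("need at least one snapshot")
    parsed = [parse_snapshot(s) for s in snapshots]
    # "Exclude" in ANY snapshot is mandatory, per the post.
    exclude = set().union(*(p["Exclude"] for p in parsed))
    # Assumption of this example: a region is only a candidate if it was
    # still "Include" in EVERY snapshot, since the post shows them shrinking.
    include = set.intersection(*(p["Include"] for p in parsed)) - exclude

    def fmt(key, ranges):
        return [f"{key}={a:04x}-{b:04x}" for a, b in ranges]

    return fmt("x", to_ranges(exclude)), fmt("i", to_ranges(include))


# First screen from the post (fresh boot).
FIRST = """
0000 - C2FF 780K OK
C300 - C7FF 20K Include
C800 - EFFF 160K OK
F000 - F1FF 8K Include
F200 - F2FF 4K OK
F300 - F3FF 4K Include
F400 - F6FF 12K OK
F700 - F8FF 8K Include
F900 - FAFF 8K OK
FB00 - FBFF 4K Include
FC00 - FCFF 4K OK
FD00 - FDFF 4K Include
FE00 - FFFF 8K OK
"""

# Last screen from the post (the one showing an "Exclude" region).
LAST = """
0000 - C5FF 792K OK
C600 - C6FF 4K Include
C700 - EFFF 164K OK
F000 - F1FF 8K Exclude
F200 - F2FF 4K OK
F300 - F3FF 4K Include
F400 - F6FF 12K OK
F700 - F7FF 4K Include
F800 - FCFF 20K OK
FD00 - FDFF 4K Include
FE00 - FFFF 8K OK
"""

if __name__ == "__main__":
    x_params, i_candidates = recommend([FIRST, LAST])
    print("must exclude:      ", " ".join(x_params))
    print("include candidates:", " ".join(i_candidates))
```

The "i=" list is only a set of candidates; the post's warning about not including a region unless no component will use it still applies.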
Msg#: 8800 *Anti Virus Q&A*
08-22-94 22:58:01
From: ARYEH GORETSKY
To: KEN TEAGUE (Rcvd)
Subj: REPLY TO MSG# 8497 (QEMM MANAGEMENT ERRORS...)
Personally, I use Microsoft's MSD to map memory areas after booting with a
clean copy of DOS.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 8847 *Anti Virus Q&A*
08-23-94 23:19:01
From: KEN TEAGUE
To: ARYEH GORETSKY (Rcvd)
Subj: REPLY TO MSG# 8800 (QEMM MANAGEMENT ERRORS...)
I should try that. MSD does have some in-depth info. Thanks for the input!
Ken Teague
Msg#: 9192 *Anti Virus Q&A*
08-31-94 14:44:03
From: ARYEH GORETSKY
To: KEN TEAGUE (Rcvd)
Subj: REPLY TO MSG# 8847 (QEMM MANAGEMENT ERRORS...)
Glad to be of assistance, Ken.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 8566 *Anti Virus Q&A*
08-16-94 05:59:40
From: DAVID SAUERBRY
To: SYSOP
Subj: CD VIRUS
I am looking for information and/or "a fix" for a specific virus that was
reported in a Defense Data Network Security Bulletin. In bulletin #9414 it
was stated that the cd-it virus was reported to McAfee Associates. The virus
was picked up in a file by the name of cd-it.zip. I would appreciate it if you
could shed some light on this problem or direct me to the right place to look.
Msg#: 8801 *Anti Virus Q&A*
08-22-94 23:01:12
From: ARYEH GORETSKY
To: DAVID SAUERBRY
Subj: REPLY TO MSG# 8566 (CD VIRUS)
Hello Mr. Sauerbry,
CD-IT was an old (3-4 year old) Trojan horse, not a virus. I don't think
anyone at DoD actually ever came across it. They just heard about it and put
out a bulletin. It was a one-shot thing that when run would erase the hard
disk. Not something that would spread without being noticed pretty fast.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 8567 *Anti Virus Q&A*
08-16-94 06:04:41
From: DAVID SAUERBRY
To: SYSOP
Subj: CD VIRUS
This may be the second copy. Do not know if you got my first try.
I am looking for information and/or "a fix" for a specific virus that was
reported in a Defense Data Network Security Bulletin. In bulletin #9414 it
was stated that the cd-it virus was reported to McAfee Associates. The virus
was picked up in a file by the name of cd-it.zip. I would appreciate it if you
could shed some light on this problem or direct me to the right place to look.
I can be reached at 1800-635-0921 Days. -Garry Haun
Msg#: 8593 *Anti Virus Q&A*
08-16-94 19:27:06
From: LARRY DANBERGER
To: ARYEH GORETSKY (Rcvd)
Subj: HELLO, REGISTERED USER
Hi. As per the sign on screen, I thought I'd mention I'm calling from
Hyprotech Ltd., we have a site license. I don't know the grant number off
hand, maybe I'll find it somewhere. Anyways, have a good one.
-Larry Hyprotech Ltd. Calgary, AB, Canada
Msg#: 8812 *Anti Virus Q&A*
08-22-94 23:18:51
From: ARYEH GORETSKY
To: LARRY DANBERGER
Subj: REPLY TO MSG# 8593 (HELLO, REGISTERED USER)
Hello Mr. Danberger,
Your account has been set up so that you will have more time online and access
to the still-evolving licensed user areas. Please contact me if you have any
further questions.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 8630 *Anti Virus Q&A*
08-17-94 14:25:03
From: DAVID DIMIT
To: SYSOP
Subj: NETWARE
Here's a question.
I have a running bet with my boss when we were discussing Anti Virus strategies
the other day. Is there another way that a Virus can attack or infect a Novell
file server, other than by booting on an infected floppy? Such as an infected
file coming over the wire and either attacking the disk subsystem or the
running NLM's?
Msg#: 8978 *Anti Virus Q&A*
08-27-94 20:59:05
From: ARYEH GORETSKY
To: DAVID DIMIT (Rcvd)
Subj: REPLY TO MSG# 8630 (NETWARE)
No, there are no NetWare specific viruses. A file virus could be spread to
workstations over the server, though.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 8636 *Anti Virus Q&A*
08-17-94 22:07:36
From: SCOTT ROSIN
To: ARYEH GORETSKY (Rcvd)
Subj: SCN-NAT2
RE: PKLITED PROGRAMS.
I encountered the same problem with every pklited program I encountered
with SCN-NAT2. I run Stacker 4.0. The files were part of the Norton
utilities. As soon as I reinstall NU, I will UL the offending files if you
need.
With regards to NATAS: How do you restore a drive that has had the MBR
fried by NATAS? Your program cleans it, but unfortunately, the MBR seems to be
permanently wiped. I work in a clone shop and have been spending the last few
days removing NATAS(ty) from all our machines. The master Boot Records of all
the machines were infected and after performing low-level formatting, the drives
were useless. We tried AMI BIOS low-level as well as OEM low-level programs.
No help. Any advice will be appreciated. I cannot RMA all these drives.
Scott Rosin
Msg#: 8982 *Anti Virus Q&A*
08-27-94 21:08:15
From: ARYEH GORETSKY
To: SCOTT ROSIN
Subj: REPLY TO MSG# 8636 (SCN-NAT2)
Hello Mr. Rosin,
To remove the Natas virus from PKLited files, you will need to obtain a copy of
SCN-NAT3. Please call our office at (408) 988-3832 for download instructions.
To remove the Natas virus from the MBR, either use SCN-NAT3 to remove the
virus, or run FDISK /MBR (DOS 5 or higher only) on the affected hard disk.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 8658 *Anti Virus Q&A*
08-18-94 16:22:01
From: ROBERT HARROLD
To: SYSOP
Subj: ERROR MSGS FROM V.2.1.0
I downloaded the NATAS scan v.2.1.0 and ran it against my hard drives. I am
running QEMM 7.0. Periodically QEMM would stop the scan program and issue a
message to the screen about its having found "exception(s)" that indicated the
system was unstable because of a problem involving the file(s) that scan was
processing at the point of the exception.
. I typed an ascii file called "qemminfo.txt" which is a copy of the screen
message given by QEMM. Each time that QEMM gave an error msg to the screen, I
had moved the suspect file off my system to floppy and restarted scan v.2.1.0.
I didn't hand type each file's error msg, but I have included in a zipped file
called qemminfo.zip, the copy that I typed of the error message given when scan
v.2.1.0 encountered Norton 8.0's NDOSHELP.EXE. Maybe you can decipher the
information provided.
. Also in the zip file (qemminfo.zip) are the copies of the other files that I
encountered with scan and qemm as being suspect problems.
. Please note, that I re-ran scan v.2.1.0 against the floppy disk that I had
moved the qemm error msg files onto. It again gave me, for each, the same
warning(s).
. I then ran scan v.117 against the same files...no qemm warning.
. The file, zipper.com may be corrupted from a disk crash. The file, ideid seems
to work o.k. All of the other files, mostly Norton 8.0, seem to work o.k.
. Thought this might be useful.
. P.S., If you know of a tsr that might be run in background in order to
capture to a diskfile the screen messages that appear during the operation of
an application, it might be useful for people to capture the screen msgs and
send them to you. It wasn't that difficult to type the one I had, I just
screen printed it and then hand typed it from the paper output into a disk file
which I've sent to you in the qemminfo.zip. However;
since there were several error msgs I only hand typed this one. If you are
able to run qemm on a machine with copies of these files on them, you will
probably get the same error messages.
. Remember, the zipper.com file is probably corrupt, though the others (from
another hard drive), except for the scan v.2.1.0 & qemm message, otherwise run
quite well and don't give exceptions with scanv117.
. Thank you for a good product. I need to call your sales and register.
.
Msg#: 8993 *Anti Virus Q&A*
08-27-94 21:20:59
From: ARYEH GORETSKY
To: ROBERT HARROLD (Rcvd)
Subj: REPLY TO MSG# 8658 (ERROR MSGS FROM V.2.1.0)
Hello Mr. Harrold,
There is a bug in the SCN-NAT2 which causes it to crash when an expanded memory
manager is present. This will be fixed in a future release.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 9377 *Anti Virus Q&A*
09-02-94 03:56:58
From: ROBERT HARROLD
To: ARYEH GORETSKY (Rcvd)
Subj: REPLY TO MSG# 8993 (ERROR MSGS FROM V.2.1.0)
Thanks for info...re the expanded mem manager problem...
.
Msg#: 8670 *Anti Virus Q&A*
08-18-94 20:12:10
From: JIM WILKEY
To: SYSOP
Subj: SCAN
Sysop: I downloaded a disturbing file from Exec-PC a couple of nights ago that
indicated that McAfee's Scan and Scan2 were not as reliable at detecting
viruses as I had always thought them to be. The report was written by some
people from the University of Hamburg in Germany. They tested about 15 Virus
Scanning programs, including Scan2, and reported that Scan2 was not very good.
They reported a program called Anti Virus Pro to be the most reliable and best
virus detector. They reported that another program called F-PROT, was the most
successful at detecting different viruses by name. Apparently, their virus
collection consists of around 3500 viruses. I have been using McAfee's Scan
for some time and was hoping that you would have an answer to their report,
assuming you have seen it. The file's name was Tests_01.Zip on Exec-PC. I
hope to hear from you soon as this report disturbed me greatly. Bye.
Jim Wilkey
Msg#: 9000 *Anti Virus Q&A*
08-27-94 21:24:51
From: ARYEH GORETSKY
To: JIM WILKEY
Subj: REPLY TO MSG# 8670 (SCAN)
Hello Mr. Wilkey,
Can you upload a copy of the file? Thanks.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 8694 *Anti Virus Q&A*
08-19-94 10:07:19
From: ROBERT CARPENTER
To: SYSOP
Subj: A STUPID? QUESTION.
Dear Sysop,
With the intro of VShield for windows, what is the preferred method of
protection for someone who works in Windows 90% of the time. Should I load both
VShield for DOS and Windows or would that be redundant?
Thanks,
Bob
Msg#: 9035 *Anti Virus Q&A*
08-28-94 23:59:05
From: ARYEH GORETSKY
To: ROBERT CARPENTER
Subj: REPLY TO MSG# 8694 (A STUPID? QUESTION.)
Hello Mr. Carpenter,
VShield for DOS is the preferred method. The VSHLDWIN.EXE program is only an
interface between VShield for DOS and Windows; it does not provide any
anti-virus protection itself.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 8705 *Anti Virus Q&A*
08-20-94 03:02:51
From: ART WARREN
To: 1
Subj: SCN-210
I still need a way to work around the /a or A switch that just locks my system
when I try to use THDPRO to scan an upload to my BBS. SCN-210 just sits and
waits for someone on my end to press a key. This is ok if there is someone
close by to do it, but it will sit for hours while I am at work and no one
will notice, except the users who cannot log on because the whole system is
waiting for 1 keystroke, which may not come for hours. Very aggravating.
Thanx for your time.
Msg#: 9046 *Anti Virus Q&A*
08-29-94 00:05:51
From: ARYEH GORETSKY
To: ART WARREN
Subj: REPLY TO MSG# 8705 (SCN-210)
What is a THDPRO, Mr. Warren?
Regards,
Aryeh Goretsky
Tech Support
Msg#: 8721 *Anti Virus Q&A*
08-20-94 20:28:44
From: ANTHONY BARATTA
To: SYSOP
Subj: NEW VSHIELD
Hi... I was attempting to install a copy of your new version of vshield on a
486-33 and I kept getting a qemm processor interrupt error. I traced the error
to the dos mode command. I am running two monitors with my machine and I use
the mode command to switch between them. If I remove the mode command I am
fine...but I can't switch monitors. Any suggestions? Tony
Msg#: 9057 *Anti Virus Q&A*
08-29-94 00:15:48
From: ARYEH GORETSKY
To: ANTHONY BARATTA (Rcvd)
Subj: REPLY TO MSG# 8721 (NEW VSHIELD)
Can you send us a copy of your CONFIG.SYS and AUTOEXEC.BAT files? Thank you.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 9244 *Anti Virus Q&A*
08-31-94 22:47:15
From: ANTHONY BARATTA
To: ARYEH GORETSKY (Rcvd)
Subj: REPLY TO MSG# 9057 (NEW VSHIELD)
Aryeh...
Here's my autoexec.bat and config.sys. (I am running stealth mode F), I need
as much extra space as possible...
Autoexec.bat
c:\utils\virus\vshield /m /chkhi /lh /boot /copy SET BLASTER=A220 I5 D1 H5 P330
T6 SET SOUND=C:\SB16 C:\SB16\SB16SET /M:220 /VOC:220 /CD:220 /MIDI:220
/LINE:220 /TREBLE:0 C:\SB16\SBCONFIG.EXE /S
@echo off SET QDOS=C:\QDOS SET QLOG=C:\QDOS verify on REM (Not needed for DOS
5) c:\qemm\loadhi /r:1 c:\qemm\buffers=30 call autopath.bat SET
PATH=C:\VBALER\;C:\EXCEL;%PATH%;C:\QDOS;C:\EMULASER;C:\SYM3 rem
c:\dimmer\dimmer.com/2 rem c:\summa\utility\mmrst /2 set temp=c:\dos SET
NU=C:\UTILS\NORTON dos\mode mono echo . echo . To activate this monitor, type
MONO at the prompt. echo . dos\mode co80
;NOTE It bombs here...
:I've rem'd out everything in this area and no luck c:\utils\fast!\fastx c:640
C:\UTILS\NORTON\IMAGE set acadfreeram=24 break on rem CALL GOMOUSE prompt $p$g
VER C:\QUICKEN5\BILLMIND C:\QUICKEN5 /p rem CALL C:\EMULASER\ELBOOT3
C:\EMULASER mem C:\QEMM\LOADHI /R:2 C:\SB16\DRV\MSCDEX.EXE /D:MSCD001 /V /M:15
Config.sys
DEVICE=C:\QEMM\QEMM386.SYS R:3 RAM sort:y ST:F dos=high,umb rem
DEVICE=c:\qemm\loadhi.sys /r:1 c:\summa\tabltdvr\tablet.sys /2 /c4 /s60
DEVICE=c:\qemm\loadhi.sys /r:3 C:\WINDOWS\ramdrive.sys 2000 /e
DEVICE=c:\qemm\loadhi.sys /r:1 c:\ustation\winconn\mswinc.sys
shell=C:\command.com C:\ /e:1500 /p STACKS=0,0 REM
device=C:\WINDOWS\SMARTDRV.exe /double_buffer FILES=50 BUFFERS=40
DEVICE=C:\QEMM\LOADHI.SYS /R:1 C:\SB16\DRV\SBCD.SYS /D:MSCD001 /P:220
Thanks for the help...
Tony
Msg#: 9536 *Anti Virus Q&A*
09-06-94 18:52:46
From: ARYEH GORETSKY
To: ANTHONY BARATTA (Rcvd)
Subj: REPLY TO MSG# 9244 (NEW VSHIELD)
Hello Mr. Baratta,
First off, it looks like you are running one of the old (V11x) versions of
VSHIELD. Can you try installing Version 2.1.0 or the 2.1.1-BETA and let me
know if the results differ?
Regards,
Aryeh Goretsky
Tech Support
Msg#: 9599 *Anti Virus Q&A*
09-07-94 08:34:22
From: ANTHONY BARATTA
To: ARYEH GORETSKY
Subj: REPLY TO MSG# 9536 (NEW VSHIELD)
Aryeh...
I was having problems with the new version 2.1.0. I replaced the V11x line
with the new .exe and the machine was locking up. So I switched it back.
That's the copy I sent you. Otherwise the autoexec.bat and config.sys have
not changed.
I'll try out the 2.1.1-beta and see what happens. If you find out anything
regarding QEMM and the stealth mode with 2.1.x let me know.
Tony
Msg#: 8722 *Anti Virus Q&A*
08-19-94 21:02:00
From: RICHARD ROGERS
To: KEN TEAGUE (Rcvd)
Subj: VSHIELD & LOCK-UP...
Hello Ken,
Thank you for your message and Qemm info (saved!).
I fully accept that the problem isn't VShield per se. I know
Qemm 'cheats' and accept using it means the occasional crash.
Before trying VShield high I hadn't had a crash for many months.
The point I was making is that such crashes didn't occur when
using the v117 series. Even so, I would rather use VShield 2.1.0
low than not at all.
Thanks again,
Richard
Msg#: 8846 *Anti Virus Q&A*
08-23-94 23:17:46
From: KEN TEAGUE
To: RICHARD ROGERS (Rcvd)
Subj: REPLY TO MSG# 8722 (VSHIELD & LOCK-UP...)
No problem.... glad ta be of assistance. I, myself, ain't gonna run Synchronet
BBS software simply cuz it doesn't work with VShield!... talk about picky,
eh? VShield goes when my computer goes! AND THAT'S FINAL!
Ken Teague
Msg#: 8725 *Anti Virus Q&A*
08-21-94 12:12:45
From: THOMAS SAVAGE
To: SYSOP
Subj: WSC-210E
I have put a checksum file on my disk using wscan 210e using httteadd files to
an external database file. I then set vshield in my autoexec.bat file setting
it to /cf filename of checksum created by wscan. When I try to access wscan
again the computer beeps as I have wscan set in the startup folder. When I run
procom I get a message that the checksums are not in the file specified by the
/cf feature. I have also tried using scan and doing the same thing, being
creating a database checksum file using the /af feature and when the programs
are accessed I get a flag stating validation codes not found in /cf filename.
Anybody else having these problems, and is this version of scan completed or
still beta?
Msg#: 8728 *Anti Virus Q&A*
08-21-94 13:48:13
From: WILLIAM CURTIS
To: SYSOPS
Subj: MONKEY_A
I was able to download and use scan 2.1 to detect the monkey_a virus that
followed me home from work, but I was not able to find clean 2.1 to remove it.
(I originally bought VirusScan 1.5 from CompUsa that did not detect this
virus.) I then came across killmonk v3.0 that was posted to this BBS that was
able to remove this virus. How long has monkey_a virus been around and when will
clean 2.1 be available?
Thanks,
William (registration card is in the mail!)
Msg#: 9061 *Anti Virus Q&A*
08-29-94 00:18:38
From: ARYEH GORETSKY
To: WILLIAM CURTIS (Rcvd)
Subj: REPLY TO MSG# 8728 (MONKEY_A)
Hello Mr. Curtis,
I am not sure how long the Monkey_A virus has been around--the original Monkey
appeared a little over one year ago.
The next release of VirusScan should clean it just fine.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 8737 *Anti Virus Q&A*
08-21-94 22:20:18
From: JIM STEVENS
To: SYSOP
Subj: SCN-210E.ZIP
I downloaded scn-210e.zip tonight and tried using it. It kept
reporting after I repeatedly tried using it that there were possible viruses
in memory. Something like "Traces of HAMBONE virus found in memory!" or
"Traces of Tamanna virus found in memory", or "Traces of TREMOR2 virus found in
memory!", or "Traces of MV5F found in memory", and finally "Traces of GREEN found
in memory!". Needless to say either my computer has been hanging around with a
lot of socially infected critters or something.
I ran the program with the "/NOMEM" switch on both of my drives c and e
( the e drive is stacked (version 3.0)) and FOUND NO INFECTED FILES. I used
scanv117 and also found no virus in memory or in the files.
If you wish further information use my internet address stevens@crl.com.
Hope you can work this out
JIM
Msg#: 9063 *Anti Virus Q&A*
08-29-94 00:20:38
From: ARYEH GORETSKY
To: JIM STEVENS (Rcvd)
Subj: REPLY TO MSG# 8737 (SCN-210E.ZIP)
What sort of computer are you running SCAN 2.1.0 on, Mr. Stevens?
Regards,
Aryeh Goretsky
Tech Support
Msg#: 9214 *Anti Virus Q&A*
08-31-94 20:56:36
From: JIM STEVENS
To: ARYEH GORETSKY (Rcvd)
Subj: REPLY TO MSG# 9063 (SCN-210E.ZIP)
Hi. I'm using a 286 machine running AMI BIOS (around 1986), two RLL drives, 4
megs of memory and using Stacker 3.0. 4 serial ports, two parallel ports, game
port and have a nine track tape drive card in my machine.
Hope this helps.
JIM
Msg#: 9535 *Anti Virus Q&A*
09-06-94 18:50:35
From: ARYEH GORETSKY
To: JIM STEVENS
Subj: REPLY TO MSG# 9214 (SCN-210E.ZIP)
Hello Mr. Stevens,
We have just released a beta-test version of VirusScan 2.1.1. Can you try that
and let us know if that solves the false alarm problem?
Regards,
Aryeh Goretsky
Tech Support
Msg#: 8750 *Anti Virus Q&A*
08-22-94 10:35:18
From: ANTHONY BARATTA
To: SYSOP
Subj: NEW VSHIELD
Hi...
I just read a message regarding the new vshield and qemm locking up. I did
some more investigation and I agree with the other user...if the new vshield is
loaded high with qemm, it locks up quite frequently. I downloaded the latest
version of the older vshield and everything is fine.
Do you have a fix date for this?
Tony
Msg#: 9073 *Anti Virus Q&A*
08-29-94 00:36:18
From: ARYEH GORETSKY
To: ANTHONY BARATTA (Rcvd)
Subj: REPLY TO MSG# 8750 (NEW VSHIELD)
Hello Mr. Baratta,
We're looking into it now. One thing I noticed is that the other user was
running QEMM in Stealth mode. Are you doing the same, by any chance?
Regards,
Aryeh Goretsky
Tech Support
Msg#: 8826 *Anti Virus Q&A*
08-23-94 09:33:40
From: STEVE CRAWFORD
To: SYSOP
Subj: JACK THE RIPPER
We were hit last week with two viruses - Jack the Ripper and '437', using Scan
and Clean 9.30 v117 I managed to eradicate these from PC's on our network.
The network is critical being the Administration systems for the New UK
National Lottery. So I am now planning to evaluate Netshield and various other
McAfee products - but I require prices, agent names etc...... - can you advise?
The real reason for this communique is that I can't get any information about
Jack the Ripper - ie: what it looks like, what it does etc... It seems to be a
newish virus and there doesn't seem to be many occurrences documented of it here
in the UK. If anyone has info on this virus can you let me know?
Thanks - Steve Crawford (Racal Network Services Limited)
(Sysop LEGEND BBS, Basingstoke, England, +44 (256) 700948, 24hr V32bis)
Msg#: 9004 *Anti Virus Q&A*
08-28-94 04:49:39
From: KEN TEAGUE
To: STEVE CRAWFORD (Rcvd)
Subj: REPLY TO MSG# 8826 (JACK THE RIPPER)
You can download VSUM by Patricia Hoffman!... a GREAT overview on viruses and
symptoms. It'll be a long d/l... about 15 mins with a 14.4 but it's well worth
it! It's online here in the files area, somewhere. heh!
Ken Teague
Msg#: 9145 *Anti Virus Q&A*
08-31-94 00:16:30
From: STEVE CRAWFORD
To: KEN TEAGUE (Rcvd)
Subj: REPLY TO MSG# 9004 (JACK THE RIPPER)
Thanks Ken, I have downloaded VSUM and searched its data, however.... No
reference to Jack the Ripper can be found.. Thanks for the suggestion Ken,
Steve..
Msg#: 9180 *Anti Virus Q&A*
08-31-94 14:33:37
From: ARYEH GORETSKY
To: STEVE CRAWFORD (Rcvd)
Subj: REPLY TO MSG# 8826 (JACK THE RIPPER)
Hello Mr. Crawford,
The Jack the Ripper virus is a floppy disk boot sector and hard disk master
boot record (partition table) infector that is probably based on the Stoned or
Joshi viruses. This virus is damaging: On every disk-write there is a
1-in-1,024 (or something like that) chance that the virus will garble the
write, causing garbage to be written to the disk. Bear in mind, however, that
any disk operation can be composed of several disk writes, so damage will occur
at some point. Running a disk optimizer is a sure way to get the virus to do
damage.
Our agent in the UK, IPE Ltd (formerly IDS Ltd) should be able to help you with
detection and removal, as well as give you licensing information:
UNITED KINGDOM
IPE Corporation Ltd. (formerly International Data Security)
Address: 10 Alfred Place, London WC1E 7EB
Contact: Oliver Mills
Telephone: +44 (71) 436 2244
FAX: +44 (71) 916 1004
BBS: +44 (71) 580 4800
Msg#: 8830 *Anti Virus Q&A*
08-23-94 13:16:16
From: NIKKI FISCHER
To: SYSOP
Subj: VSHIELD IN WINOS2
I am in the Info Security dept. at Huntington Banks. We are very interested in
selecting a virus scanner for OS/2. We currently have a site license for
NETSHIELD, VIRUSSCAN through NetPro.
OSCSCAN seems to work fine, VSHIELD works fine in DOS sessions, but I am having
trouble with WINOS2. With VSHIELD /ANYACCESS in the AUTOEXEC.BAT file, I get a
SYS0033 error. Returning the error code to program bypasses the error and
starts windows. However, VSHLDWIN does not see VSHIELD, I do get the audio
beeps when a virus is detected but no messaging.
Any suggestions?
Thanks.
Msg#: 9184 *Anti Virus Q&A*
08-31-94 14:37:11
From: ARYEH GORETSKY
To: NIKKI FISCHER (Rcvd)
Subj: REPLY TO MSG# 8830 (VSHIELD IN WINOS2)
Hello Ms. Fischer,
VShield's /ANYACCESS switch does not work inside OS/2's DOS or WIN-OS2
emulation modes. Try using the /FILEACCESS switch in its place.
Can you try running VSHLDWIN.EXE and see if it works now?
Regards,
Aryeh Goretsky
Tech Support
Msg#: 9602 *Anti Virus Q&A*
09-07-94 11:52:31
From: NIKKI FISCHER
To: ARYEH GORETSKY
Subj: REPLY TO MSG# 9184 (VSHIELD IN WINOS2)
I changed the parameter to /fileaccess and vshieldwin still does not recognize
that vshield is loaded. I do receive a system error just after vshield is
loaded and prior to windows startup. Any other suggestions?
Also, who should I work with to obtain pricing for OSCSCAN?
Thanks!
Msg#: 8858 *Anti Virus Q&A*
08-24-94 08:15:25
From: ROBERT BUWALDA
To: ALL
Subj: SCAN AND BANYAN
24 August 94
Problems with McAfee and Banyan Vines.
The problem is; when McAfee is installed locally on a pc, and the pc is
scanned before logging into our Banyan network, there is some sort of a memory
conflict occurring causing the network interface card not to bind.
The scan is a simple executable that should execute and go away. But it seems
to leave some sort of "memory residue".
All that I am trying to do is a scan, and am not loading any TSR's
(vshield,..). Have you got a solution for me?
Any help would be appreciated
Robert Buwalda RBuwalda@idrc.ca Ottawa, Ont.
Msg#: 9215 *Anti Virus Q&A*
08-31-94 22:20:12
From: ARYEH GORETSKY
To: ROBERT BUWALDA (Rcvd)
Subj: REPLY TO MSG# 8858 (SCAN AND BANYAN)
Hello Mr. Buwalda,
Can you send me copies of your AUTOEXEC.BAT and CONFIG.SYS? I'd like to look
through them for possible conflicts.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 9507 *Anti Virus Q&A*
09-06-94 08:20:22
From: ROBERT BUWALDA
To: ARYEH GORETSKY
Subj: REPLY TO MSG# 9215 (SCAN AND BANYAN)
Thanks for your interest in the problem. Actually, the problem was fixed when
I used v117. The hanging problems with Banyan and McAfee have ceased and I
will not question why.
Robert Hardware guy IDRC
Msg#: 8862 *Anti Virus Q&A*
08-24-94 09:55:35
From: BRIAN HENGEN
To: SYSOP
Subj: POWER VIRUS
I just found the POWER virus on my computer, infecting one of my .com files.
The scan (2.1) will recognize it, but will not clean it. Do you have any idea
what this virus is or what it does?
Thanks much.
--Brian Hengen
Msg#: 8904 *Anti Virus Q&A*
08-25-94 09:04:19
From: JOHN CARONA
To: SYSOP
Subj: FORM(A) KILLED MY HD!
Please help. I know my home system had become infected with FORM(A) (The virus
which had plagued our firm for several months). It destroyed my Quantum 170.
I replaced the disk. I also added a Compaq disk to the system. The Compaq
is now giving me trouble. It is an old IDE, that as far as I can tell, was
never exposed. (I may be wrong.) So the problem arose after reformatting the
drive. I get a "media invalid, possible boot sector virus" BIOS message. The
drive will store and retrieve data, however, Win.com hangs after the title
screen. So I try DOS6.2 scandisk, and it finds some bad sectors. Towards the
middle of the first platter. A couple of techie tricks later, and I am
positive it is infected. I have yet to run the latest version of SCAN to
detect anything, however, a previous version, as well as MWAV does not detect
anything present. Could it be possible that the disk was infected long before,
and in its inactivity, FORM(A) destroyed the boot sector? Like I said, the
only apparent problem with the disk is win.com hanging and occasionally, (more
frequently when I warm boot than power down) I get a boot-up BIOS error "DRIVE
D: not responding something or other". Do you have any suggestions?
Msg#: 9238 *Anti Virus Q&A*
08-31-94 22:41:44
From: ARYEH GORETSKY
To: JOHN CARONA
Subj: REPLY TO MSG# 8904 (FORM(A) KILLED MY HD!)
Hello Mr. Carona,
I would recommend booting from a clean (virus-free) DOS boot disk and backing
the PC's hard disks up to tape. Then use the DOS SYS command from the floppy
to place a new boot sector onto the C: drive.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 8918 *Anti Virus Q&A*
08-25-94 16:35:06
From: ARYEH GORETSKY
To: JERRY HURT
Subj: REPLY TO MSG# 8601 (NET SCAN SOFTWARE)
That would be VirusScan for DOS or VirusScan for Windows, Mr. Hurt.
Aryeh Goretsky
Tech Support
Msg#: 8923 *Anti Virus Q&A*
08-25-94 18:38:17
From: STUART ONG
To: SYSOP
Subj: GREEN CATERPILLAR
Please help. Is there a cure for the green caterpillar virus? Thanks
Stuart Singapore
Msg#: 9243 *Anti Virus Q&A*
08-31-94 22:45:12
From: ARYEH GORETSKY
To: STUART ONG (Rcvd)
Subj: REPLY TO MSG# 8923 (GREEN CATERPILLAR)
CLEAN-UP removes this virus, Mr. Ong.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 8937 *Anti Virus Q&A*
08-26-94 07:56:44
From: TONY WEILER
To: SYSOP
Subj: GENR VIRUS
A local client in the San Jose area purchased on their own a boxed copy of your
McAfee Anti-virus, version 1.5 and scanned for viruses in two computers. No
viruses were found. They called me with the symptoms, and I then downloaded
version 2.1.0e, brought it there, and found that one machine had 5 infections
of the MAZE virus and one infection of the GENR virus. The other machine had
15 infections of the MAZE virus only. I erased the infected files, and got
rid of all infections except the GENR virus. Please, I need help with that
one!
The report came back that the GENR virus had "traces in memory" when
scanning memory, at approx. 960K. This message did not appear unless
HIMEM.SYS was loaded. The version of DOS is 6.22. I created a clean,
virus-free boot disk. It too, in JUST THIS ONE MACHINE, reported the GENR
virus again. The same disk had no such report in the other machine, when used
as the boot disk. Next, I disabled the hard disk by going into CMOS and
declaring the drive C was Not Installed. I discovered then, that in the
Advanced CMOS Setup, there was an option to enable the ChipAway Virus (is that
a virus SCANNER?). I disabled that option. Still, I got the same report
about the GENR virus, with the hard disk "Not Installed," and when booting
from drive A. Note: This machine has AMI BIOS, dated 1992, and has 4 megs of
memory.
THE BIG QUESTION: Could this report be a false report? Also note: When the
virus scanner is run with /NOMEM, then no viruses are found on drive C. At
this point, I explained the situation to the client and told them I would
contact you and await your response. Thank you for your ideas to come...!
Tony Weiler TeleMind Associates Gilroy, California
Msg#: 9006 *Anti Virus Q&A*
08-28-94 05:01:14
From: KEN TEAGUE
To: TONY WEILER (Rcvd)
Subj: REPLY TO MSG# 8937 (GENR VIRUS)
Good troubleshooting techniques, Tony! I just hafta ask one thing... are there
any other virus prevention TSRs in memory? Two may be conflicting with each
other. Just a thought.
Ken Teague
Msg#: 9249 *Anti Virus Q&A*
08-31-94 22:51:34
From: ARYEH GORETSKY
To: TONY WEILER (Rcvd)
Subj: REPLY TO MSG# 8937 (GENR VIRUS)
Hello Mr. Weiler,
It sounds to me like some sort of conflict with the ChipAway anti-virus device.
I have had other problems reported before but not this. We should have a
beta-test version of 2.1.1 out in a few days. Would you mind downloading it
and letting us know if this fixes the problem?
Regards,
Aryeh Goretsky
Tech Support
Msg#: 9385 *Anti Virus Q&A*
09-02-94 06:22:49
From: TONY WEILER
To: KEN TEAGUE (Rcvd)
Subj: REPLY TO MSG# 9006 (GENR VIRUS)
Thank you for your comments. I will download the 2.1.1 next week (assuming it
will be ready by then) and will use it on that machine.
Meanwhile, they are up and running with no apparent problems.
Thank you,
Tony Weiler TeleMind.
Msg#: 9091 *Anti Virus Q&A*
08-29-94 11:52:16
From: RENE DAGENAIS
To: SYSOP
Subj: SCREAMIN.11.652
need antivirus for screamin.11.652 in compuser montreal or d/l in my bbs
1-514-525-8903 please urgent all antivirus did not work.....even ver 2.01 urgent
will call back later in compuser or here if not call my bbs velvet montreal...
Msg#: 9276 *Anti Virus Q&A*
08-31-94 23:16:51
From: ARYEH GORETSKY
To: RENE DAGENAIS
Subj: REPLY TO MSG# 9091 (SCREAMIN.11.652)
Hello Mr. Dagenais,
Try using CLEAN-UP Version 117 to remove the virus.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 9119 *Anti Virus Q&A*
08-30-94 12:06:17
From: DIANE JOHNSTON
To: SYSOP
Subj: LATEST VIRUS SCAN
The 210E version of the scanning program does not work with DOS 3.3 on a 286.
We are also experiencing problems with this version on our 386s. I was told
that the fix for this would be in the next release. When will that be? Voice
phone is 202-616-0151, with voice mail after four rings. Internet address is
Diane.Johnston@OPM.gov. Thanks.
Msg#: 9294 *Anti Virus Q&A*
08-31-94 23:29:09
From: ARYEH GORETSKY
To: DIANE JOHNSTON
Subj: REPLY TO MSG# 9119 (LATEST VIRUS SCAN)
Hello Ms. Johnston,
The next release should be within 2 weeks.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 9137 *Anti Virus Q&A*
08-30-94 11:33:00
From: BAXTER MILLER
To: SYSOP
Subj: NATAS
FYI:
The computers and printers at the public library in San Miguel de Allende,
Guanajuato, México are used by many American residents and tourists. Last
week, while visiting there, I found NATAS to be active, and unfortunately I
suspect this virus had been present for as long as several months. Of the
home computers I checked while in México, 100% were infected with NATAS
(this number includes several American friends and several amigos
Mexicanos).
I fear that the many visiting tourists who make use of the library computer
facilities have already spread Natas to many locations in the states.
Msg#: 9304 *Anti Virus Q&A*
08-31-94 23:40:37
From: ARYEH GORETSKY
To: BAXTER MILLER (Rcvd)
Subj: REPLY TO MSG# 9137 (NATAS)
Thanks for the report. That particular virus is widespread there.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 9138 *Anti Virus Q&A*
08-30-94 11:37:00
From: BAXTER MILLER
To: SYSOP
Subj: NATAS & VSUM
After having downloaded the current VSUM last night, I was disappointed to
find but one mention of NATAS under `Mindless' virus; and this not relevant
to the virus I now have. I am anxious to know more of the characteristics
of this virus in order to know what to expect.
Msg#: 9305 *Anti Virus Q&A*
08-31-94 23:41:17
From: ARYEH GORETSKY
To: BAXTER MILLER (Rcvd)
Subj: REPLY TO MSG# 9138 (NATAS & VSUM)
Hello Mr. Miller,
You'd need to contact Ms. Hoffman about the contents of VSUM.
What would you like to know about the virus?
Regards,
Aryeh Goretsky
Tech Support
Msg#: 9429 *Anti Virus Q&A*
09-01-94 21:59:00
From: BAXTER MILLER
To: ARYEH GORETSKY (Rcvd)
Subj: REPLY TO MSG# 9305 (NATAS & VSUM)
>What would you like to know about the virus?
My curiosity extends to wanting to know the ultimate result if the virus is
not removed. The reason for my curiosity is that I know there have to be
quite a few infections still active in Mexico, and I would like to know how
to identify the aftereffects of Natas the next time I am down there.
Msg#: 9430 *Anti Virus Q&A*
09-01-94 22:04:00
From: BAXTER MILLER
To: ARYEH GORETSKY (Rcvd)
Subj: REPLY TO MSG# 9305 (NATAS & VSUM)
>You'd need to contact Ms. Hoffman about the contents of VSUM.
I would gladly do just that if I only knew where, particularly if I thought
my (unprofessional) observations would be useful. Do you have a point of
contact you are able to share?
Msg#: 9703 *Anti Virus Q&A*
09-09-94 16:32:18
From: ARYEH GORETSKY
To: BAXTER MILLER (Rcvd)
Subj: REPLY TO MSG# 9429 (NATAS & VSUM)
Hello Mr. Miller,
Well, we have had several special releases to detect and then remove the virus,
and now we have a beta-test version of VirusScan Version 2.1.1 which contains
an enhanced version of our detector and remover for this virus.
Aryeh Goretsky
Tech Support
Msg#: 9704 *Anti Virus Q&A*
09-09-94 16:32:43
From: ARYEH GORETSKY
To: BAXTER MILLER (Rcvd)
Subj: REPLY TO MSG# 9430 (NATAS & VSUM)
I would recommend calling her, sending a fax, or leaving a message on her BBS.
Aryeh Goretsky
Tech Support
Msg#: 9156 *Anti Virus Q&A*
08-31-94 06:10:25
From: RICH PIERLE
To: ARYEH GORETSKY (Rcvd)
Subj: FORM_A VIRUS
I SENT YOU A MESSAGE THE OTHER DAY REGARDING THE FORM_A VIRUS THAT IS SHOWING
ON THE BOOT SECTOR OF MY HARDRIVE. I HAVE NO IDEA OF WHAT TO DO ABOUT IT AT
THIS POINT. CAN YOU HELP?
THANK YOU IN ADVANCE RICH PIERLE
Msg#: 9317 *Anti Virus Q&A*
08-31-94 23:46:51
From: ARYEH GORETSKY
To: RICH PIERLE (Rcvd)
Subj: REPLY TO MSG# 9156 (FORM_A VIRUS)
Try using the SYS command against the hard disk after booting from a clean copy
of DOS.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 9170 *Anti Virus Q&A*
08-31-94 14:15:31
From: DAVID PARKER
To: ARYEH GORETSKY (Rcvd)
Subj: VSHIELD V210
I am a licensed user for ViruScan and VShield V113. I recently downloaded
Viruscan and VShield V210E. Viruscan seems to work fine. But I can't get
VShield to work. I have QEMM v7.0 running on my 386 4MB 33Mhz 130 MEG CPU. I
think I'm getting memory allocation errors. When I try to run almost anything
(even DOS commands like EDIT or MEM) the computer hangs or I get a QEMM #13
message. I can't run Optimize. I have been booting from a floppy, remming out
the VShield 210, rebooting, loading VShield 113 and trying everything I can
think of. Since Scan210 was reporting CONVERT.EXE (one of the files in my Point
and Shoot menu system) "may not be executable" -- and the program wasn't
loading right anyway -- I have remmed it out too. I read some mail before that
suggested I need to say DOS=HIGH,UMB in my config.sys. I'm not sure if I have
the UMB part in mine. I'll check when I get home. Will that make a
difference? Should I delete the stuff Optimize put on the VShield line when I
optimized using v113? I just downloaded the L versions. Will that make any
difference? Thanks for your assistance!!!
Msg#: 9402 *Anti Virus Q&A*
09-02-94 10:53:33
From: ARYEH GORETSKY
To: DAVID PARKER (Rcvd)
Subj: REPLY TO MSG# 9170 (VSHIELD V210)
Hello Mr. Parker,
Can you try removing VShield from your AUTOEXEC.BAT, running QEMM's Optimize
program, and then add VShield back into your system? What happens then?
Aryeh Goretsky
Tech Support
Msg#: 9328 *Anti Virus Q&A*
09-01-94 05:28:15
From: MATHIEU GRAVEL
To: ALL
Subj: JUNKIE VIRUS
Hello,
At my job, I have many computers that have the Junkie virus. I use the
ViruScan v2.1.0 LAN version to clean it. But on some computers, I have to do
the scan many times (5-6). After each scan, it says that the virus is cleaned.
But when I do another scan, the virus is here again! What's the problem?
Also, I have on 1 diskette the _JUNKIE virus. Not the Junkie, but with
_ before. Viruscan is not able to clean it. What do I have to do?
Thanks, Mathieu.
: Sorry, but my english is very poor.
Msg#: 9541 *Anti Virus Q&A*
09-06-94 18:57:46
From: ARYEH GORETSKY
To: MATHIEU GRAVEL (Rcvd)
Subj: REPLY TO MSG# 9328 (JUNKIE VIRUS)
Hello Mr. Gravel,
Try running the VirusScan 2.1.1BETA to remove the virus by typing:
SCAN /ADL /ALL /CLEAN
That should remove the virus from your systems.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 9632 *Anti Virus Q&A*
09-08-94 08:48:10
From: MATHIEU GRAVEL
To: ARYEH GORETSKY
Subj: REPLY TO MSG# 9541 (JUNKIE VIRUS)
Hello Mr. Goretsky,
I tried many (it's about 10-20) times to remove the virus with these
options. But it doesn't work.
Example:
I run VirusScan on a PC, with a boot on C. Scan said to reboot with a
diskette, because the Junkie virus is in memory. I reboot with a diskette, and
re-run Scan. It finds it in 2-3 files (Command.com and others) and Scan
said that it cleaned the virus. I turn off the PC for 4-5 minutes, and turn it on
with a boot on C. I re-run Scan another time, and the virus is here again! And
I tried this 4-5 times. Same result. What am I doing wrong?
Sorry for my poor English!
Thanks, Mathieu.
Msg#: 9362 *Anti Virus Q&A*
08-30-94 11:33:00
From: BAXTER MILLER
To: SYSOP
Subj: NATAS
FYI:
The computers and printers at the public library in San Miguel de Allende,
Guanajuato, México are used by many American residents and tourists. Last
week, while visiting there, I found NATAS to be active, and unfortunately I
suspect this virus had been present for as long as several months. Of the
home computers I checked while in México, 100% were infected with NATAS
(this number includes several American friends and several amigos
Mexicanos).
I fear that the many visiting tourists who make use of the library computer
facilities have already spread Natas to many locations in the states.
Msg#: 9425 *Anti Virus Q&A*
09-02-94 16:57:06
From: RUSS GROOM
To: BAXTER MILLER (Rcvd)
Subj: REPLY TO MSG# 9362 (NATAS)
Baxter,
Thanks for the warning. Natas does seem to be on the rise. Most of the calls on
this virus have been originating from Mexico. Any more, when someone calls and
says, "I'm calling from Mexico...", I almost immediately respond, "Oh, you have
the Natas virus."
Note: So far, SCN-NAT3.ZIP is our latest protection for this virus.
Russ McAfee Tech Support
Msg#: 9558 *Anti Virus Q&A*
09-06-94 19:16:30
From: ARYEH GORETSKY
To: BAXTER MILLER (Rcvd)
Subj: REPLY TO MSG# 9362 (NATAS)
Thanks for the report, Mr. Miller.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 9578 *Anti Virus Q&A*
09-02-94 20:30:00
From: BAXTER MILLER
To: RUSS GROOM (Rcvd)
Subj: REPLY TO MSG# 9425 (NATAS)
>Any more, when someone calls and says, "I'm calling from Mexico...", I
>almost immediately respond, "Oh, you have the Natas virus."
Unless there are two people named Russ in your organization, you must be
the one who told me that when I called from Mexico last week. Thanks for
the prompt (and accurate) diagnosis.
>Note: So far, SCN-NAT3.ZIP is our latest protection for this virus.
I saw an earlier message with this file name, but I have been unable to
locate it on the board. I did find SCN-NAT2.ZIP last week.
Msg#: 9618 *Anti Virus Q&A*
09-07-94 18:07:59
From: RUSS GROOM
To: BAXTER MILLER (Rcvd)
Subj: REPLY TO MSG# 9578 (NATAS)
Baxter,
I recommend that you download SCN-NAT3.ZIP, from our Emergency BBS.
Login Instructions:
First Name: Emergency Last Name: Access Password: 911
I hope that this helps a bit.
Russ
McAfee Tech Support
Msg#: 9656 *Anti Virus Q&A*
09-08-94 01:19:00
From: BAXTER MILLER
To: RUSS GROOM (Rcvd)
Subj: REPLY TO MSG# 9618 (NATAS)
>I recommend that you download SCN-NAT3.ZIP, from our Emergency BBS.
Thank you, I followed the instructions but still did not find the file.
The file SCN-NAT2.ZIP is on the board in file area one, however; I can find
no file named SCN-NAT3.ZIP. Could this just have been a typographical
error in yours and the other messages here?
Msg#: 9661 *Anti Virus Q&A*
09-08-94 21:23:44
From: RUSS GROOM
To: BAXTER MILLER (Rcvd)
Subj: REPLY TO MSG# 9656 (NATAS)
Baxter,
The SCN-NAT3.zip program can be found in the (E)mergency section, after logging
into the BBS with:
First: Emergency Last: Access Password: 911
It was there last I looked. Please, if you don't mind, take one more peek. If
you find that this file is STILL not present, please let me know (again).
Thanks, Russ
Msg#: 9363 *Anti Virus Q&A*
08-30-94 11:37:00
From: BAXTER MILLER
To: SYSOP
Subj: NATAS & VSUM
After having downloaded the current VSUM last night, I was disappointed to
find but one mention of NATAS under `Mindless' virus; and this not relevant
to the virus I now have. I am anxious to know more of the characteristics
of this virus in order to know what to expect.
Msg#: 9559 *Anti Virus Q&A*
09-06-94 19:16:48
From: ARYEH GORETSKY
To: BAXTER MILLER (Rcvd)
Subj: REPLY TO MSG# 9363 (NATAS & VSUM)
What would you like to know about this virus, Mr. Miller?
Regards,
Aryeh Goretsky
Tech Support
Msg#: 9393 *Anti Virus Q&A*
09-02-94 08:54:26
From: CHARLES SCHWAB
To: SYSOP
Subj: WSCAN2.1 CONFLICT WITH NOVELL3.1X VLMS
Aryeh: I guess there is a known problem with being on a Novell network running
VLMs (rather than netx) and launching the wscan. When will this conflict be
resolved; when is the next release of scan2.1? charles schwab
Msg#: 9572 *Anti Virus Q&A*
09-06-94 19:30:53
From: ARYEH GORETSKY
To: CHARLES SCHWAB
Subj: REPLY TO MSG# 9393 (WSCAN2.1 CONFLICT WITH NOVELL3.)
Hello Mr. Schwab,
This should be fixed in the VirusScan for Windows Version 2.1.1 beta test,
which is currently available for download on the BBS.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 9416 *Anti Virus Q&A*
09-02-94 11:37:19
From: GREG ROBERTS
To: SYSOP
Subj: OLD & NEW VIRUS FINDS
A few questions about the differences in virus finds and cleanings between
version 2.10 and 116. I have found the virus UNEXE on a portable computer
using scan v2.10L. I tried using scan /clean, but v2.10 said it could not
clean the infection. I then scanned the same computer with v116. It
identified the virus as Genb which the clean v116 gladly removed. I then
rescanned with v2.10 and it pronounced the computer virus free. V2.10 also
discovered the virus NOPS on a floppy disk we received from a client. V2.10
would not clean the disk. Version 116 called the virus Genp and again v116
cleaned the virus. V2.10 then found no more virus on the disk. Any thoughts
as to why v2.10 is not cleaning the viruses for me yet v116 will?
I also have a floppy boot disk I use for checking these portable computers.
Using any version of scan, the disk is proclaimed clean. If I put vshield
v2.10 on the portables, it says it finds TELECOM in memory. When I reboot
using the boot disk, it says that it still sees TELECOM in memory and that
perhaps the boot disk is infected. Scanning the boot disk in another clean
computer shows no sign of infection. All three of my Toshiba portables receive
the same message if I use version 2.10 rather than version 116. 2.10 will not
allow me to even try to clean this ghost virus.
Msg#: 9457 *Anti Virus Q&A*
09-04-94 09:53:03
From: RUSS GROOM
To: GREG ROBERTS (Rcvd)
Subj: REPLY TO MSG# 9416 (OLD & NEW VIRUS FINDS)
Greg,
At the moment, V2.10 is the young college hotshot, and V117 the experienced
veteran. V2.10 is fast, sleek, and using the new age (encryption) to locate and
identify viruses. V117 is older, slower, and doing it the way we always have.
V117 currently looks for virus signatures (motive of operation) to decide which
killer it's looking for. It isn't so much concerned with accurately identifying
a virus, if it can get rid of it just like all the other ones (thus GENP &
GENB).
V210 is not only finding viruses that 117 can't, but it is checking their
dental charts and doing retinal scans to find out their exact name. The problem
is this, once it has found the virus name, it may not know what to do with it,
because not all of the removers have been added to the .dat files, yet. We have
been told that the Scan V2.10 .dat files will be "complete" by the mid-end of
September. I placed complete in quotes because we will always be adding new
viruses to the .dat files.
I hope that this has helped a bit.
Russ McAfee Tech Support
Msg#: 9419 *Anti Virus Q&A*
09-02-94 12:56:11
From: ROBERT MUZIK
To: SYSOP
Subj: BOOT VIRUS'
If I recopy a disk with a boot virus, will it also be on the new disk?
Msg#: 9458 *Anti Virus Q&A*
09-04-94 10:02:30
From: RUSS GROOM
To: ROBERT MUZIK (Rcvd)
Subj: REPLY TO MSG# 9419 (BOOT VIRUS')
Robert,
To safely remove the files off of an infected diskette, it is best to use the
Copy *.* command. DO NOT use the diskcopy command, because that will make an
exact duplicate of the infected diskette... virus and all!
Note: this only applies to boot sector viruses. Never copy infected files.
I hope that this has helped a bit.
Russ
McAfee Tech Support
Msg#: 9422 *Anti Virus Q&A*
09-02-94 15:00:35
From: NATHAN ATKINSON
To: SYSOP
Subj: POLYMORPHIC
Hello, does your current version (210e) cover polymorphic viruses? When will you
be writing windows versions that run in 3.0 real mode (if possible, it would be
really nice)? Thanks A Lot! Nathan Atkinson
Msg#: 9459 *Anti Virus Q&A*
09-04-94 10:07:25
From: RUSS GROOM
To: NATHAN ATKINSON (Rcvd)
Subj: REPLY TO MSG# 9422 (POLYMORPHIC)
Nathan,
Yes, v210 does offer protection against many polymorphic viruses. As to your
second question/request, regarding the possibilities of a Win 3.0 Real Mode
Scanner, I'd have to say that it isn't likely. I will mention your request to
the engineering team, however.
I hope that this has helped a bit.
Russ
McAfee Tech Support
Msg#: 9435 *Anti Virus Q&A*
09-02-94 23:41:14
From: JIMMY JONES
To: SYSOP
Subj: NAV VS. MCAFEE
Well, you know, uhhm, we had two executive types come down to our Los Angeles
office to "disinfect" all the p.c.'s. They told me, as I followed the lady
executive from p.c. to p.c., that every single machine was infected. I told her
that I had personally scanned those p.c.'s using your package ver. 116 and
caught two monkeys and cleaned them up. THEY told me that "McAfee doesn't get
what Norton does." Now, I must admit, Norton has saved my day several times,
but I know for a fact that you guys are the recommended software to use by the
hackers themselves. Over and above NAV. Now, my question is, why would the
so-called experts try and tell me something that I know isn't true? I dunno.
Kinda makes ya wonder. Over and out.
Msg#: 9461 *Anti Virus Q&A*
09-04-94 10:22:30
From: RUSS GROOM
To: JIMMY JONES
Subj: REPLY TO MSG# 9435 (NAV VS. MCAFEE)
Jimmy,
Everyone will always have their own preferences. VSUM, an independent virus
research organization, currently rates our software at 97% efficiency on
detecting over 2,500 viruses; Norton is currently rated at 79% on the same
scale.
The fact of the matter is, however, that no one is finding them all. Some
packages are stronger at removing certain viruses.
I guess my advice is to use the package that makes you feel safe, and keep it
UPGRADED!
I hope that this helps a bit.
Russ
McAfee Tech Support
Msg#: 9706 *Anti Virus Q&A*
09-09-94 16:34:27
From: ARYEH GORETSKY
To: JIMMY JONES
Subj: REPLY TO MSG# 9435 (NAV VS. MCAFEE)
I really have no idea, Mr. Jones. But each person has his own preferences.
Aryeh Goretsky
Tech Support
Msg#: 9455 *Anti Virus Q&A*
09-04-94 09:35:27
From: RUSS GROOM
To: BAXTER MILLER (Rcvd)
Subj: NATAS
Baxter,
The Natas virus is a multipartite and polymorphic virus.
Most viruses attack either the boot-sector or executable files, but not both. A
multipartite virus, however, does infect both and can be particularly "pesky"
(an understatement) to remove. Even if you remove the virus from the boot
sector, if one file remains infected, it can start all over again. That brings
us to the second feature of Natas...
Polymorphic viruses have the ability to change the way they appear. So, normal
signature checking is not effective on this strain of virus. It's like trying to
identify Plasticman by his fingerprints.
As far as what you are going to see, look for changes in file size and a
reduction in total bytes of (conventional) memory. If you find Natas, don't use
the infected system until you have a chance to remove it (SCN-NAT3.ZIP). If you
must use your system, boot it up from a clean, write-protected, bootable
diskette, and refrain from using executables that are on the infected system.
I hope this has helped a bit.
Russ
McAfee Tech Support
Msg#: 9482 *Anti Virus Q&A*
09-05-94 12:32:56
From: HELMUT SZIKAL
To: SUPPORT
Subj: PARITY BOOT B VIRUS
Hi, I found virus 'Parity Boot B [ParB]' on the hard drive of my laptop after having
installed a shareware game. Your program located it in the memory at 640 kb.
The virus destroyed PCTOOLS.EXE and some other files. After that I copied
another software from a floppy disk to the hard drive. Then I deleted some other
files, which I did not need anymore. The virus was found on the particular
floppy disk only, but no longer on the hard drive. Is it possible that this
specific virus has just wandered from the hard drive to the floppy disk without
multiplying on the hard drive? Or does this particular virus disguise itself in
a way that the McAfee antivirus program is not able to detect it anymore? If
you are able to answer my questions, could you please send me a fax under the
number +49-9123-84692 in Germany. Thank you very much. Sincerely, Helmut Szikal
Msg#: 9508 *Anti Virus Q&A*
09-06-94 08:47:11
From: ROBERT GARRISON
To: SYS OP
Subj: VSHIELD 2.10
Hello Sir, When I downloaded vshield 2.10 I couldn't find the file vshield.txt
after I unzipped the zip file. Is it in there? It looks like a great program
but I don't know if the switches have changed from Vshield 117, which I also
very recently took a look at. I'm about ready to spend some money on these
programs but need a little more information along these lines. I like your BBS
setup. You are giving people a great deal of time on line!
Msg#: 9515 *Anti Virus Q&A*
09-06-94 10:55:49
From: JERRY DOCKAL
To: SYSOP
Subj: NLM NETSHIELD VER 1.56
WE HAVE NETSHIELD VER 1.56 AND ARCSERVE NLM LOADED ON FILE SERVER AT MEDICAL
COLLEGE OF GA. IT HAS LOST THE BINDERY FILES FOR US. TALKED WITH ARCSERVE; THEY
SAID WE NEED FILE 3NS160.ZIP VER 1.60 TO BE LOADED ON THE FILE SERVER. WHERE CAN
WE DOWNLOAD THIS FILE FOR MCG? THEY HAVE A SITE LIC FOR YOUR SOFTWARE. JERRY
Msg#: 9524 *Anti Virus Q&A*
09-06-94 14:33:17
From: TUAN LE
To: ARYEH GORETSKY
Subj: SCANV211.ZIP
I downloaded SCANV211.ZIP yesterday & tested it. I still have some
questions concerning that file. Can you please tell me what computer language
was used to program SCAN.EXE? What is the most common computer language
used to program McAfee software? Thanks,
Tuan Le,
=======
Msg#: 9548 *Anti Virus Q&A*
09-06-94 19:05:54
From: ARYEH GORETSKY
To: ANDREW STUDER
Subj: REPLY TO MSG# 9338 (VIRUS SIGNATURES)
Hello Mr. Studer,
We haven't released any signature file updates yet for VirusScan Version 2.1.
That's why there aren't any signature file updates online.
Regards,
Aryeh Goretsky
Tech Support
Msg#: 9580 *Anti Virus Q&A*
09-02-94 20:49:00
From: BAXTER MILLER
To: SYSOP
Subj: DOS 6.2 ANTIVIRUS MSG.
During my experience with the Natas virus, I received the following message
while booted from a clean write-protected floppy:
BootSector Write!!
Possible VIRUS: Continue (Y/N)
The perplexing thing about this to me is that at the time I was running
absolutely no anti-virus software. The only programs which showed to be in
memory at the time were MSDOS and COMMAND. Does this message originate
from DOS?
Msg#: 9660 *Anti Virus Q&A*
09-08-94 20:38:52
From: ERIC LINDHOLM
To: SYSOP - ARYH
Subj: VIRUS DETECTION FOR TAPES
AM INQUIRING ABOUT THE USE OF VIRUS DETECTION FOR FILES STORED ON CARTRIDGE
TAPES. ARE THERE ANY PROCESS/PROCEDURES, SOFTWARE DETECTION FOR VIRUSES
CONTAINED IN FILES STORED ON CARTRIDGE TAPES??
Msg#: 9662 *Anti Virus Q&A*
09-08-94 21:30:17
From: NATHAN ATKINSON
To: SYSOP
Subj: CD-ROMS
Hi! Just one quick question, could there be any viruses on musical CD's (like
worms) that we play in our cd-roms? Thanks. Nathan Atkinson
Msg#: 9681 *Anti Virus Q&A*
09-09-94 07:56:28
From: JON SHANNON
To: ARYEH GORETSKY
Subj: 2.1.10 ON VINES
I've been using 2.0 very successfully since it was released. I
recently d/l 2.1.10 and have these comments:
1. It is labeled "EVALUATION COPY". Since this is being used on a
relatively large network, it created some confusion among my
users when they got the associated messages about registering it.
In the past, it read "registered copy" if it was downloaded from
the registered users' BBS.
2. There seem to be problems that were not experienced with 2.0.
- 2.1 is loaded on a network drive. When the user is logged
off, the drive is dropped and VSHIELD appears to become
unstable. When the user warmboots, there are often error
messages reporting missing or damaged .DAT file or the
PC simply hangs up and a hard reset is necessary.
- When a user warmboots while still logged onto the network,
we sometimes get a message from DOS' EMM386.EXE reporting
an "Exception 12". This may not be a McAfee problem, but
it did not occur in release 2.0.
3. When these problems became apparent, I looked in the command line
options of the 2.0 release for the switch to ignore the expired
version (11X had this) so we could fall back, but there appears to
be no such option.
We're running Banyan Vines 5.53(6) with DOS 5.0, 6.0, and 6.2 nodes.
VSHIELD is loaded after network drivers on 386 and higher machines. EMM386
with NOEMS is used on these PC's.
Have you run into any of this before? I'm resisting going back to 11X
because 2.0 loads high much more easily which is a must for us.
Jon Shannon
V: (803) 383-8192
Msg#: 9686 *Anti Virus Q&A*
09-09-94 09:15:37
From: TONY FLAGG
To: SYSOP
Subj: SCAN MESSAGE
Hello Mr. Goretsky. I'm calling from U.S. News and World Report in Washington,
DC. We are evaluating version 2.1 for use by MS-DOS clients on our
Pathworks/Netware LAN. When running SCAN on a local drive with the /ALL
parameter, I received several messages that read "May not be executable!". Can
you provide guidance as to how seriously to take this message?
- Tony Flagg
Net Admin.
Msg#: 9698 *Anti Virus Q&A*
09-09-94 16:20:46
From: MIKE MICHALOWICZ
To: SYSOP
Subj: NETWARE 2.2
Does McAfee make a NLM version of NetShield for the Netware 2.x NOS?
Msg#: 9715 *Anti Virus Q&A*
09-10-94 09:28:53
From: DELIA HORD
To: TECH SUPPORT
Subj: CLEAN START UP DISKETTE
When we installed Mcafee, we did not come across the message that would have
installed a clean startup diskette as noted in page 11 # 6. Would you please
give me the instructions so that I can create this diskette. Thank you Delia S.
Hord (Mrs. Thomas B. Hord)
Msg#: 9743 *Anti Virus Q&A*
09-12-94 06:59:14
From: MIKE MERCIK
To: SYSOP
Subj: SCAN 2.1.1 /ADL
The beta 2.1.1 SCAN code /ADL switch works better than in 2.1.0, but it still
requires you to have something in an external drive other than A or B. (I have
3 attached - a 5 1/4 diskette, a bernoulli and a CD-ROM). If any of these
drives are empty, SCAN simply exits after the memory check. It would be
much better if SCAN could identify it as an external drive and continue. At
the very least, when it gets a drive not ready or some other error, it should
display a message to that effect and continue to scan the other drives.
Msg#: 9791 *Anti Virus Q&A*
09-13-94 12:07:03
From: JEREMY COHEN
To: SYSOP
Subj: ANTIEXE VIRUS
I have encountered the antiexe virus. What is this virus? Can Clean
clean up this virus? Do you know what this virus does? What?
Thanks Jeremy Cohen
Msg#: 9812 *Anti Virus Q&A*
09-14-94 01:50:55
From: DANIEL STARNES
To: SYSOP
Subj: CHIPAWAYVIRUS
A message was posted on my favorite BBS about a possible virus problem.
During boot-up, the message ChipAwayVirus Enabled has shown up. The computer
has been acting strange; he didn't give any more details than that. Do you
know of such a virus, and if so, what should be done?
By the way, your board dropped carrier three times in a row on me when I
tried to paste the text of the message directly to your board. Please advise
me if I am doing something wrong.
Msg#: 9826 *Anti Virus Q&A*
09-14-94 09:15:04
From: LSSI LSSI
To: ARYEH GORETSKY
Subj: ZIP FILES
When installing updates to a software program on our network, Netshield has
been zapping zipped files and the pkunzip program. Netshield is set to scan
all incoming files (*.*). Is there a way to prevent it zapping our zipped
files? These have a variety of extensions.
Also, we're pretty new to Netshield. We're running version 113. When applying
updates to vir.dat, do we need to apply only the latest version, e.g. 117, or
all intervening versions, e.g. 115 and 117?
LSSI LSSI
Msg#: 9837 *Anti Virus Q&A*
09-14-94 22:12:44
From: GRAZIANO FIORITO
To: SYSOP
Subj: PROBLEM?
Dear Mr, some time ago I asked your help in solving some "virus" related
problems that we had in our Institution. Now, again, I hope that you could help
us. I am currently using version 117 of your scan program that doesn't
recognize up to now any virus in my machine (an IBM Ps2 9577, 486DX2 66Mhz with
12Mb RAM and 2 HDx400Mb). From 4 days until now, when I am using the machine
using any program a message appears on the top left of the monitor saying:
ATTENTION: a serious problem occurred writing on drive C, retry? ... and the
machine hangs. I must power off it and if I will turn on again before than 10
minutes the computer is not able to boot from the Drive C (saying Not bootable
disk). Our computer reference company says that they ever seen this kind of
message and they are in wondering about a "strange virus". Is it possible?
Thank you for your help. Sincerely Dr. Graziano Fiorito Supervisor, Serv.
Documentazione Stazione Zoologica "A. Dohrn" di Napoli Napoli, ITALY
Msg#: 9840 *Anti Virus Q&A*
09-14-94 23:02:45
From: DANIEL STARNES
To: SYSOP
Subj: CHIPAWAYVIRUS
I left a message yesterday asking about a ChipAwayVirus. A number of
other people on the BBS I was referring to have answered that ChipAwayVirus is a
virus checker that is included in the bios of the Computer. Thanks anyway.
I do have one more question: I see that McAfee has an internet address, to
what address should questions be sent on the Internet? You have mcafee.org
listed as the address, but do I need to list a specific person, or is just plain
mcafee.org going to be enough?
Daniel Starnes
daniel.starnes@sdcs.org
Msg#: 9856 *Anti Virus Q&A*
09-15-94 11:41:37
From: JOEL GRUHN
To: SYSOP
Subj: CLINIC
I am looking for a program called Clinic - or at least I think I am. MSAV and
scan both go beeep-beep-beep, tell me my diskettes are infected with form_a and
tell me to run clinic. Where do I get a copy? Is it the same as clean?? Does it
exist?
Joel D. Gruhn NEPTCO Incorporated 401-722-5500
thanks for your assistance - this virus stuff is really a hassle!!!
Msg#: 9867 *Anti Virus Q&A*
09-15-94 17:46:58
From: AK FIRE SERVICE
To: ARYEH GORETSKY
Subj: ACCOUNT KILLING
How often, or what circumstances must be met before an account is killed? I
have had to re-register at least twice in 2-3 months.
-Brian Lamb, Ak Fire Service
Msg#: 9875 *Anti Virus Q&A*
09-15-94 21:07:02
From: PAUL HESSLER
To: ARYEH GORETSKY
Subj: RED LILRED VIRUS
Hi, I recently came in contact with someone who had what SCAN V117 reported as
Red [lilred] Virus. Clean v117 said to overwrite and delete the file, which he
did. The file was command.com. Dos was then re-installed on the machine and
SCAN reported it to be virus free. The next day, command.com was again infected
and he swears up and down that no floppies were put into the machine in that
time. Is this possible? Will SCAN V117 find viruses in compressed files as
well? I would be very interested in knowing. Thanks for your input.
Regards Paul W. Hessler
Msg#: 9884 *Anti Virus Q&A*
09-16-94 06:30:52
From: GLENN HOWE
To: SYSOP
Subj: MCAFEE'S "LOCK" COMMAND
I've noticed that vshield has a /lock parameter that will halt the computer
when a virus is found. My question is whether this option is also available
outside of vshield. I am currently using v1.5 and would like to have this
option outside of vshield. Any help would be appreciated. Thank you, Glenn
Howe
Msg#: 9909 *Anti Virus Q&A*
09-17-94 10:37:24
From: MARK LANCASTER
To: SYSOP
Subj: UPLOADED SUSPECT VIRUS
Hello, I found a program that scan117 reported as virus 17690. I am curious as
to what this virus would do if you unwittingly ran it. Please leave me mail on
Compuserve at 73002,1705. I would greatly appreciate it. The file name I U/L was
QRIPJR1.ZIP. Thanks
Msg#: 9911 *Anti Virus Q&A*
09-17-94 13:42:21
From: DAVID WHITMOYER
To: SYSOP
Subj: NEW BUG
Hi. I am a sysop and would like to know if your anti-virus software can
detect the New Bug virus. I use your scan to test new files, but my version
will not detect new bug and I would be interested in one that could detect it.
Thank you. Dave