home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Simtel MSDOS 1992 September
/
Simtel20_Sept92.cdr
/
msdos
/
trojanpr
/
dirtyd9c.arc
/
VIRUS.DD
< prev
next >
Wrap
Text File
|
1989-12-16
|
13KB
|
237 lines
------------------------------------------------------------------
| |
| VIRUS LIST |
| |
------------------------------------------------------------------
| Issue #9: December 17, 1989 |
| Revision Stage: C |
| |
| Maintained by Eric Newhouse |
| John Abolins |
| Thomas Sobczak |
------------------------------------------------------------------
Note: The Dirty Dozen only lists viruses that circulate BBS's
under specific file names. Virus Scan, a program by John McAfee,
maintains a more thorough and current list of ALL known viruses.
FILENAME EXTENSION CODES:
--------------------------------
. -> - UNKNOWN -
.B -> .BAS - BASIC -
.C -> .COM - DOS -
.E -> .EXE - DOS -
.A -> .ARC PKUNPAK v. 3.61
.L -> .LZH LHARC v. 1.13ß
.P -> .PAK PAK v. 1.60
.Z -> .ZIP ZIP v. 1.02
Name.X, CRC Size Category Notes
------------- ------ -- -----------------------------------------
AIDS.EXE ?????? V The story behind AIDS, one of the more
disgusting viruses in circulation, is
unique. AIDS teaches people to read the
fine print.
Cyborg Ltd. recently sent thousands of
"AIDS demo disks" to businesses and
individuals all over the world. The
disks supposedly educated people about
the dangers of AIDS. Sounds innocent,
right? Wrong. Cyborg insists that all
users of this "demo" send $350 to an
address in Panama simply to run the
program. Regardless of whether the user
pays, AIDS activates sophisticated viral
code after invocation. After 90 reboots,
AIDS trashes hard disks.
Robert Walczy of PC Business World
Magazine (England) can help anyone who
has run AIDS. Voice : 01-831 9252
Fax : 01-405 2347
ARC2ZIP.EXE VC One user reports that this .ARC to .ZIP
file converter inserts a virus into
COMMAND.COM and into every .ZIP file that
it converts. Once the virus infects
COMMAND.COM, it copies itself onto any
other floppy based COMMAND.COM that it
can find. Be very careful of files named
ARC2ZIP, for while there is a legitimate
ARC2ZIP, there is also most definitely a
viral one.
ARC533.E VC This Virus purportedly emulates SEA's
ARC.EXE as it infects COMMAND.COM.
CHRISTMAS.EXEC ??? V This is the famous Bitnet virus. Around
Christmas time, this program sent mail to
every bitnet user with a defined "nickname"
(Bitnet users use short nicknames to
avoid typing long user ID's) with a
picture of a christmas tree. The mail
eventually reached so many people that it
overloaded the system, creating a lot of
yuletide headaches.
PC Users do not need to worry about the
Bitnet virus. The program is written in
REXX, a mainframe only language, and it
can only run on mainframes that use
Bitnet's nickname technique. This entry,
in fact, is here primarily to help clear
up the confusion prevalent when talking
about this virus.
*.EXE, *.COM ANY V Any of your executable files may
contain a virus in it. Don't Panic,
though; this virus is detectable! If you
have an infected file, it will increase
the size of all other .EXE files run
thereafter by 1808 bytes and all .COM
files by 1813 bytes upon invocation.
Now you know how to recognize this
virus. Be sure to look out for it,
because the symptoms it creates are very
nasty. The virus increases the size
of .EXE files repeatedly - not just once.
While this is a boon in recognizing the
virus, it also means that eventually all
affected .EXE files will become to large
to fit in memory. The virus also slows
down computers by as much as 500% after
it has spread. Watch for this symptom!
Perhaps most deadly, on any Friday the
13th, this virus will erase AT LEAST all
.EXE and .COM files that you run, and AT
WORST your whole disk. The next Friday
the 13th is October 13, 1989.
BXD.C 6363 21376 VC This virus scrambles FAT tables
after a certain amount of time from the
initial run. 6363 is the CRC.
COMMAND.C ????? V This is a traditional Virus. Originating
in colleges and universities across the
nation, and in particular at Lehigh
College, this virus will embed itself in
COMMAND.COM.
The Lehigh version copies itself onto
FOUR floppies before scrambling your FAT
and initiating a format. Beware! the
virus does NOT change the filesize of
COMMAND.COM, but it does change the date.
Write protecting your floppies will save
you from the Lehigh Strain.
DEFENDER.A V DEFENDER not only low level formats
your HD, but it also wipes your CMOS
clean. If you don't have a software
based setup program on another disk, you
will be forced to send your motherboard
back to the factory for a new CMOS
installation. "The Duplicators" claim
responsability for this virus.
DRSLEEP.Z 5???? V Dr. Sleep replicates all files in the
parent directory and all files one level
lower. Eventually your system will
crash, unable to distinguish between two
COMMAND.COM's, IBMBIO.COM's, and
IBMSYS.COM's. Use the PD program
REPEAT.COM to check and see if this virus
hit you.
FLUSHOT3.C 2685 2357 V Somebody tampered with Ross Greenberg's
CRC Bytes Viral protection program, v. 3.0. The
virus version sucks the life out of your
FAT's over a period of approximately a
dozen boots. After that, it completely
erases your FATs. I strongly recommend
that you update your copies of Flu_Shot+
from either Compuserve, Mr. Greenberg's
BBS, or Channel One BBS.
QMDM31B.A ?????? V John Friel confirms that he never
released a v. 3.1b of Qmodem. This
version, which is less than 1 KB bigger
than the Archive for 3.1a, will add 17
bytes to your IBMBIO.COM file. Beware;
while I don't know how this virus works,
I do know that there's NEVER any reason
to add 17 bytes to IBMBIO.COM.
Note: IBMBIO.COM is a READONLY file.
In other words, here is the first trojan
that can write past a "write protect;"
this virus acts when it theoretically
shouldn't be able to.
ONTOP.Z ?????? VC Ontop is Xrated GRASP Animation.
Apparently someone modified a working
file, adding code that modifies
COMMAND.COM and code that corrupts just
about every file on disk. After a short
time period, the virus supposably slowly
erases HD's. Be careful with this one!
SCAN.Z ????? VC Someone tampered with v. 1.4v19 of John
McAfee's Virus Scan program. Use v.
1.4v45 or later, which supports a
run-time self-test designed to detect
such tampering. The viral version shows
(C) 1989 by Wiley Soft.
UNIX VC Version 4.3 of UC Berkley's UNIX is
apparently an INTERNET virus which
travels by mail packet. Beware.
VIRUS.C 14847 20474 VC VIRUS.ZIP advertises itself as
CRC Bytes protection against viruses. In fact,
it seems to be a virus itself. More
information should be forthcoming, but
for now excercise caution. Note the
irony of the filename; look out for
delicate ironies like this.
WORDSTAR 360k V Some pirated copies of Wordstar and
other commercial programs have "The
Dungeon" virus implanted in them.
According to the grape vine, Computer
users who bought pirate software at
cutthroat prices imported this virus into
the USA from Pakistan.
The boot sector of "The Dungeon" virus
contains the string: "Welcome to the
Dungeon." "The Dungeon Virus" is fairly
recognizable because it adds 1820 bytes
to every .COM file on your HD. The
symptoms are also unique: every once in a
while the virus will erase the lower left
hand corner of the screen.
WOW.C V This is the infamous 1701 virus. Upon
WOWTITLE invocation, WOW will draw a cute ANSI
screen as it injects itself into EVERY
.COM file on your disk drives. The virus
is labeled the 1701 virus for two
reasons:
1. Every .COM file on disk grows by
1701 bytes.
2. Eventually the virus forces a
'1701' error - which is the error
code for a busted HD.
Be alert for this virus. If you are hit,
a vaccine is available at both Crest and
Channel One BBS's.