Simtel MSDOS 1992 September

home *** CD-ROM | disk | FTP | other *** search

/ Simtel MSDOS 1992 September / Simtel20_Sept92.cdr / msdos / trojanpr / dirtyd9c.arc / VIRUS.DD < prev next >

Wrap

Text File | 1989-12-16 | 13KB | 237 lines

------------------------------------------------------------------ | | | VIRUS LIST | | | ------------------------------------------------------------------ | Issue #9: December 17, 1989 | | Revision Stage: C | | | | Maintained by Eric Newhouse | | John Abolins | | Thomas Sobczak | ------------------------------------------------------------------ Note: The Dirty Dozen only lists viruses that circulate BBS's under specific file names. Virus Scan, a program by John McAfee, maintains a more thorough and current list of ALL known viruses. FILENAME EXTENSION CODES: -------------------------------- . -> - UNKNOWN - .B -> .BAS - BASIC - .C -> .COM - DOS - .E -> .EXE - DOS - .A -> .ARC PKUNPAK v. 3.61 .L -> .LZH LHARC v. 1.13ß .P -> .PAK PAK v. 1.60 .Z -> .ZIP ZIP v. 1.02 Name.X, CRC Size Category Notes ------------- ------ -- ----------------------------------------- AIDS.EXE ?????? V The story behind AIDS, one of the more disgusting viruses in circulation, is unique. AIDS teaches people to read the fine print. Cyborg Ltd. recently sent thousands of "AIDS demo disks" to businesses and individuals all over the world. The disks supposedly educated people about the dangers of AIDS. Sounds innocent, right? Wrong. Cyborg insists that all users of this "demo" send $350 to an address in Panama simply to run the program. Regardless of whether the user pays, AIDS activates sophisticated viral code after invocation. After 90 reboots, AIDS trashes hard disks. Robert Walczy of PC Business World Magazine (England) can help anyone who has run AIDS. Voice : 01-831 9252 Fax : 01-405 2347 ARC2ZIP.EXE VC One user reports that this .ARC to .ZIP file converter inserts a virus into COMMAND.COM and into every .ZIP file that it converts. Once the virus infects COMMAND.COM, it copies itself onto any other floppy based COMMAND.COM that it can find. Be very careful of files named ARC2ZIP, for while there is a legitimate ARC2ZIP, there is also most definitely a viral one. ARC533.E VC This Virus purportedly emulates SEA's ARC.EXE as it infects COMMAND.COM. CHRISTMAS.EXEC ??? V This is the famous Bitnet virus. Around Christmas time, this program sent mail to every bitnet user with a defined "nickname" (Bitnet users use short nicknames to avoid typing long user ID's) with a picture of a christmas tree. The mail eventually reached so many people that it overloaded the system, creating a lot of yuletide headaches. PC Users do not need to worry about the Bitnet virus. The program is written in REXX, a mainframe only language, and it can only run on mainframes that use Bitnet's nickname technique. This entry, in fact, is here primarily to help clear up the confusion prevalent when talking about this virus. *.EXE, *.COM ANY V Any of your executable files may contain a virus in it. Don't Panic, though; this virus is detectable! If you have an infected file, it will increase the size of all other .EXE files run thereafter by 1808 bytes and all .COM files by 1813 bytes upon invocation. Now you know how to recognize this virus. Be sure to look out for it, because the symptoms it creates are very nasty. The virus increases the size of .EXE files repeatedly - not just once. While this is a boon in recognizing the virus, it also means that eventually all affected .EXE files will become to large to fit in memory. The virus also slows down computers by as much as 500% after it has spread. Watch for this symptom! Perhaps most deadly, on any Friday the 13th, this virus will erase AT LEAST all .EXE and .COM files that you run, and AT WORST your whole disk. The next Friday the 13th is October 13, 1989. BXD.C 6363 21376 VC This virus scrambles FAT tables after a certain amount of time from the initial run. 6363 is the CRC. COMMAND.C ????? V This is a traditional Virus. Originating in colleges and universities across the nation, and in particular at Lehigh College, this virus will embed itself in COMMAND.COM. The Lehigh version copies itself onto FOUR floppies before scrambling your FAT and initiating a format. Beware! the virus does NOT change the filesize of COMMAND.COM, but it does change the date. Write protecting your floppies will save you from the Lehigh Strain. DEFENDER.A V DEFENDER not only low level formats your HD, but it also wipes your CMOS clean. If you don't have a software based setup program on another disk, you will be forced to send your motherboard back to the factory for a new CMOS installation. "The Duplicators" claim responsability for this virus. DRSLEEP.Z 5???? V Dr. Sleep replicates all files in the parent directory and all files one level lower. Eventually your system will crash, unable to distinguish between two COMMAND.COM's, IBMBIO.COM's, and IBMSYS.COM's. Use the PD program REPEAT.COM to check and see if this virus hit you. FLUSHOT3.C 2685 2357 V Somebody tampered with Ross Greenberg's CRC Bytes Viral protection program, v. 3.0. The virus version sucks the life out of your FAT's over a period of approximately a dozen boots. After that, it completely erases your FATs. I strongly recommend that you update your copies of Flu_Shot+ from either Compuserve, Mr. Greenberg's BBS, or Channel One BBS. QMDM31B.A ?????? V John Friel confirms that he never released a v. 3.1b of Qmodem. This version, which is less than 1 KB bigger than the Archive for 3.1a, will add 17 bytes to your IBMBIO.COM file. Beware; while I don't know how this virus works, I do know that there's NEVER any reason to add 17 bytes to IBMBIO.COM. Note: IBMBIO.COM is a READONLY file. In other words, here is the first trojan that can write past a "write protect;" this virus acts when it theoretically shouldn't be able to. ONTOP.Z ?????? VC Ontop is Xrated GRASP Animation. Apparently someone modified a working file, adding code that modifies COMMAND.COM and code that corrupts just about every file on disk. After a short time period, the virus supposably slowly erases HD's. Be careful with this one! SCAN.Z ????? VC Someone tampered with v. 1.4v19 of John McAfee's Virus Scan program. Use v. 1.4v45 or later, which supports a run-time self-test designed to detect such tampering. The viral version shows (C) 1989 by Wiley Soft. UNIX VC Version 4.3 of UC Berkley's UNIX is apparently an INTERNET virus which travels by mail packet. Beware. VIRUS.C 14847 20474 VC VIRUS.ZIP advertises itself as CRC Bytes protection against viruses. In fact, it seems to be a virus itself. More information should be forthcoming, but for now excercise caution. Note the irony of the filename; look out for delicate ironies like this. WORDSTAR 360k V Some pirated copies of Wordstar and other commercial programs have "The Dungeon" virus implanted in them. According to the grape vine, Computer users who bought pirate software at cutthroat prices imported this virus into the USA from Pakistan. The boot sector of "The Dungeon" virus contains the string: "Welcome to the Dungeon." "The Dungeon Virus" is fairly recognizable because it adds 1820 bytes to every .COM file on your HD. The symptoms are also unique: every once in a while the virus will erase the lower left hand corner of the screen. WOW.C V This is the infamous 1701 virus. Upon WOWTITLE invocation, WOW will draw a cute ANSI screen as it injects itself into EVERY .COM file on your disk drives. The virus is labeled the 1701 virus for two reasons: 1. Every .COM file on disk grows by 1701 bytes. 2. Eventually the virus forces a '1701' error - which is the error code for a busted HD. Be alert for this virus. If you are hit, a vaccine is available at both Crest and Channel One BBS's.