- VIRUS-L Digest Wednesday, 20 Sep 1989 Volume 2 : Issue 198
-
- VIRUS-L is a moderated, digested mail forum for discussing computer
- virus issues; comp.virus is a non-digested Usenet counterpart.
- Discussions are not limited to any one hardware/software platform -
- diversity is welcomed. Contributions should be relevant, concise,
- polite, etc., and sent to VIRUS-L@IBM1.CC.LEHIGH.EDU (that's
- LEHIIBM1.BITNET for BITNET folks). Information on accessing
- anti-virus, document, and back-issue archives is distributed
- periodically on the list. Administrative mail (comments, suggestions,
- and so forth) should be sent to me at: krvw@SEI.CMU.EDU.
- - Ken van Wyk
-
- Today's Topics:
-
- Re: Macintosh Virus
- datacrime question (PC)
- Possible virus? (VAX/VMS)
- RE: VirusDetective questions (Mac)
- RE: Centel Corp. and ViruScan
- Re: VirusDetective questions (Mac)
- DataCrime antidote: NOCRM11.ARC availability (PC)
-
- ---------------------------------------------------------------------------
-
- Date: 20 Sep 89 11:56:23 +0000
- From: shull@scrolls.wharton.upenn.edu (Christopher E. Shull)
- Subject: Re: Macintosh Virus
-
- In article <0001.8909191859.AA09184@ge.sei.cmu.edu> JOHN P. BRADLEY writes
- that he has found the Macintosh Scores virus, and asks about how to proceed
- with eradication and user education.
-
- Since the Decision Sciences Department teaches the largest Mac-based
- course at the University of Pennsylvania, we have taken the lead in
- user education. Who else on campus has a captive audience of >600
- students each year? :-) Our instructors encourage students to drop
- Vaccine 1.1.1 into their system folders (explaining that it was like
- practicing safe sex, but less intrusive). We also taught them how to
- use Disinfectant 1.2. Although we resent having to take time from
- teaching to cover this, the peace of mind of the students is well
- worth the effort. Furthermore, the hot-line and walk-in consulting
- staff have many fewer problems since students are encouraged to pass
- along the programs and the minimal knowledge required to use them.
-
- If we didn't have a captive "seed" group, I would probably try to run
- some special noon-time seminars on Mac virus detection, removal, and
- prevention.
-
- We are just now trying to get offices which have frequent contact with
- student diskettes to go further than just protecting themselves, and
- perform first tier advice to their "clients". (In some cases, we are
- still trying to get them to protect themselves -- one Mac II user I
- worked with yesterday had 44 nVIR A and B infections on his hard disk,
- and didn't have the foggiest idea!)
-
- At the very least, the latest versions of the tools mentioned above,
- plus GateKeeper (for sophisticated users) should be readily available
- in a well publicized location. (My teaching lab remains the only one
- on campus. :-( )
-
- Good luck,
- - -Chris
-
- Christopher E. Shull shull@scrolls.wharton.upenn.edu
- Decision Sciences Department shull@wharton.upenn.edu
- The Wharton School University of Pennsylvania
- Philadelphia, PA 19104-6366 215/898-5930
- - ---------------------------------------------------------------------------
- "Damn the torpedoes! Full speed ahead!" Admiral Farragut, USN, 1801-1870
- - ---------------------------------------------------------------------------
-
- ------------------------------
-
- Date: Tue, 19 Sep 89 19:13:00 -0400
- From: IA96000 <IA96%PACE.BITNET@VMA.CC.CMU.EDU>
- Subject: datacrime question (PC)
-
- if you use fdisk to create a dummy partition of let's say 2
- cylinders and then create a second normal active dos partition
- will this prevent the virus from destroying track zero?
-
- seems like it might to me...how about some comments!
-
- ------------------------------
-
- Date: Wed, 20 Sep 89 08:59:00 -0400
- From: System Manager <MANAGER@JHUIGF.BITNET>
- Subject: Possible virus? (VAX/VMS)
-
- I received this from Info-VAX today. I think it may be of interest.
-
- Damian Hammontree
- System Programmer, Johns Hopkins School of Medicine
- MANAGER@JHUIGF.BITNET
-
- Message follows:
-
- Comments: From IVERS@CMR.MFENET on 19-SEP-1989 23:36:02.73 EDT
- Comments: To: info-vax@kl.sri.com
-
- On Monday morning, our users (including the system manager) were
- surprised to find that they could no longer log in to our VAX 11/750
- (VMS V4.5). Coincidentally, one user reported the appearance of
- several files in his directory with names like WARNING., VIRUS., and
- ATTACK.. He thought it was a joke and said nothing at the time the
- files appeared.
-
- The system was booted with UAFALTERNATE =1. It appeared that
- SYSUAF.DAT was intact, but the passwords were no longer valid. A
- SYSUAF.DAT file was restored from a backup set and new passwords were
- issued. The problem is that now when more than 2 users attempt to use
- the system, a message of the type LICENSED NUMBER OF SYSTEM USERS
- EXCEEDED appears.
-
- As for the "virus" files - all that remains are subdirectories of
- names similar to the files reportedly seen by the user (one of them is
- called [.DEADLY-VIRUS]).
-
- Any ideas as to the cause or cure of the LICENSED NUMBER OF...
- problem, or insight into the nature of the "virus" would be
- appreciated.
-
- Thanks in advance,
- Tom Ivers (system manager)
- Columbia U. Plasma Physics Lab
- Internet: IVERS@CUPLVX.APNE.COLUMBIA.EDU
- MFEnet: IVERS@CMR
-
- ------------------------------
-
- Date: Wed, 20 Sep 89 09:22:55 -0400
- From: dmg@lid.mitre.org (David Gursky)
- Subject: RE: VirusDetective questions (Mac)
-
- What version are you using? The latest and greatest is 3.0.1. I've
- been using it with no problems. [On the other hand, the systems I am
- using it on are clean according to it and Disinfectant 1.2...]
-
- ------------------------------
-
- Date: Wed, 20 Sep 89 09:36:26 -0400
- From: dmg@lid.mitre.org (David Gursky)
- Subject: RE: Centel Corp. and ViruScan
-
- Why does McAfee's note about Centel and Viruscan bug me? Correct me
- if I'm wrong, but is not Viruscan shareware? I certainly understand
- John's concern about the possible loss of revenue because people
- mistakenly believe they have "purchased" Viruscan, rather than paid
- Centel for the distribution cost (as an aside, I somehow find $25 to
- be awfully high for what Centel is purporting to be doing). In any
- event, it strikes me that the tone of John's message is to the effect
- of "I want you to get your information from me and no one else". If
- my interpretation is indeed correct (and I apologize in advance if it
- is not), is this the type of attitude VIRUS-L wishes to promote? It
- is not in anyone's interest to restrict the flow of information on
- countering viruses.
-
- [Ed. VIRUS-L wishes to _facilitate_ the open discussion of virus
- issues and information, neither endorsing nor condemning the opinions
- of its contributors.]
-
- Disclaimer: Dis is soup. Dis is Art. Soup. Art. [Apologies to L. Tomlin.]
-
- David Gursky
-
- ------------------------------
-
- Date: Wed, 20 Sep 89 14:33:49 +0000
- From: yale!slb-sdr!sdr.slb!shulman@uunet.UU.NET (Jeff Shulman)
- Subject: Re: VirusDetective questions (Mac)
-
- awinterb@udenva.cair.du.edu (Richard Nixon) writes:
-
- >Has anyone used VirusDetective for the Mac? We've
- >used it, but it seems to detect viruses in files that
- >we doubt are affected.
-
- I have (but then again I wrote it! <standard disclaimers>).
- VirusDetective (VD) is only as good as the search strings used. VD
- 3.0.1 (the latest) is distributed with search strings that detect all
- known *active* Mac viruses. With the latest search patterns I have
- seen NO cases of "false" alarms. Some earlier search strings (say
- CODE Size xxx) to test for a virus *could* match legitimate CODE
- resources. So, without knowing what version you are running nor the
- search strings you are using you may very well be getting matches
- where no virus actually exists. Standard example of Garbage In,
- Garbage Out.
-
- >How reliable is this bit of software?
-
- I have not seen any known virus get past VD 3.0.1. VD is the only
- program (to my knowledge) that can be user configured to search for
- any new virus (or *any* resource for that matter) as soon as a virus
- is discovered; thus you do not need to obtain a new version (costing $$
- from commercial vendors) when a new virus is discovered. NOTE: I *do*
- send out notification of new search strings to my registered users but
- you are apt to see them in Usenet first.
-
- Jeff Shulman
- VirusDetective author
- - --
- uucp: ...rutgers!yale!slb-sdr!shulman
- CSNet: SHULMAN@SDR.SLB.COM
- Delphi: JEFFS
- GEnie: KILROY
- CIS: 76136,667
- AppleLink: KILROY
-
- Disclaimer: VD has absolutely nothing to do with my "day" job at SDR and
- opinions, etc. herein should not be construed as coming from SDR.
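
The false-alarm problem described in the message above (a size-only test on CODE resources matching legitimate code), shown as an added example that is not part of the original digest and is not VirusDetective's code or search-string syntax. The `Rule` format, the file names, the 512-byte size and the marker bytes are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Resource:
    """One resource inside a scanned file (constructed sample data)."""
    file: str
    rtype: str   # four-character resource type, e.g. "CODE"
    rid: int
    data: bytes

@dataclass(frozen=True)
class Rule:
    """Hypothetical search rule; a field left as None is not tested."""
    name: str
    rtype: str
    size: Optional[int] = None
    pattern: Optional[bytes] = None

    def matches(self, res: Resource) -> bool:
        if res.rtype != self.rtype:
            return False
        if self.size is not None and len(res.data) != self.size:
            return False
        if self.pattern is not None and self.pattern not in res.data:
            return False
        return True

def scan(resources, rules):
    """Return sorted (rule name, file) pairs for every rule that matches."""
    return sorted((rule.name, r.file)
                  for r in resources for rule in rules if rule.matches(r))

def false_positives(rule, resources, infected_files):
    """Files the rule flags that are not in the known-infected set."""
    return [f for _, f in scan(resources, [rule]) if f not in infected_files]

# Constructed marker standing in for a virus body; not a real signature.
MARKER = bytes.fromhex("deadbeef0badf00d")
SAMPLES = [
    Resource("InfectedApp", "CODE", 2, MARKER + b"\x00" * 504),  # 512 bytes
    Resource("CleanApp", "CODE", 3, b"\x4e\x75" * 256),          # 512 bytes, legitimate
    Resource("OtherApp", "CODE", 1, b"\x4e\x71" * 100),          # 200 bytes
]
SIZE_ONLY = Rule("size-only", "CODE", size=512)
SIZE_AND_BYTES = Rule("size+bytes", "CODE", size=512, pattern=MARKER)

if __name__ == "__main__":
    for rule in (SIZE_ONLY, SIZE_AND_BYTES):
        print(rule.name, "flags", [f for _, f in scan(SAMPLES, [rule])],
              "false alarms:", false_positives(rule, SAMPLES, {"InfectedApp"}))
```

The size-only rule flags CleanApp because it happens to carry a CODE resource of the same length; adding a content test to the same rule removes the false alarm without missing the infected file.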
-
- ------------------------------
-
- Date: Wed, 20 Sep 89 11:09:27 -0500
- From: jwright@atanasoff.cs.iastate.edu (Jim Wright)
- Subject: DataCrime antidote: NOCRM11.ARC availability (PC)
-
- Version 1.1 of NoCrime has been sent to the IBMPC anti-viral archive
- sites. This program is meant to combat the DataCrime virus strains
- receiving so much publicity lately. This file, NOCRM11.ARC, replaces
- version 0.1 sent out previously under the name NOCRIME.ARC.
-
- NOCRM11.ARC Fights the DataCrime viruses.
-
- Jim
-
-
- ------------------------------
-
- End of VIRUS-L Digest
- *********************