From: Kenneth R. van Wyk (The Moderator) Errors-To: krvw@CERT.SEI.CMU.EDU To: VIRUS-L@IBM1.CC.LEHIGH.EDU Path: cert.sei.cmu.edu!krvw Subject: VIRUS-L Digest V3 #183 Reply-To: VIRUS-L@IBM1.CC.LEHIGH.EDU -------- VIRUS-L Digest Wednesday, 14 Nov 1990 Volume 3 : Issue 183 Today's Topics: re: Mac virus question (Mac) Checksums/reboots (PC) Re: Halloween virus? (PC) Re: Mac virus question (Mac) Re: Mac virus question (Mac)clko Anti-Virus products? (PC) (Mac) Re: Trojan Warning: SCANV70 (PC) Novell answer (PC) Populations needed to spread viruses Publication Re: How safe are FTP sites from viruses? Twelve Tricks (PC) Sudden reboot (PC) Re: Strange Behavious (Virus?) On Novell LAN (PC) Re: virus checking software for PCs (PC) Weird/Virus behaviour on LAN? Stoned virus on 3.5" diskette (PC) History of virus, reference sought Virus "WDEF A", help! (Mac) SAM vs. Disinfectant (Mac) Re: Is this a MAC Virus attack? (Mac) VIRUS-L is a moderated, digested mail forum for discussing computer virus issues; comp.virus is a non-digested Usenet counterpart. Discussions are not limited to any one hardware/software platform - diversity is welcomed. Contributions should be relevant, concise, polite, etc. Please sign submissions with your real name. Send contributions to VIRUS-L@IBM1.CC.LEHIGH.EDU (that's equivalent to VIRUS-L at LEHIIBM1 for you BITNET folks). Information on accessing anti-virus, documentation, and back-issue archives is distributed periodically on the list. Administrative mail (comments, suggestions, and so forth) should be sent to me at: krvw@CERT.SEI.CMU.EDU. Ken van Wyk --------------------------------------------------------------------------- Date: Thu, 08 Nov 90 12:02:32 -0800 From: well!odawa@apple.com (Michael Odawa) Subject: re: Mac virus question (Mac) > In Virus-L 3:181, Joe McMahon writes, >> From: "Terry (TR) Roebuck; 966-4841" >> there were at least 4 different versions of the system on the disk... > This is *extremely* bad thing number 2. Doing this kind of thing > almost guarantees that sooner or later the Resource Manager is going > to get confused and start loading from the wrong System file... Joe is correct in his conclusion, though he reflects a common misunderstanding about the Mac. There is nothing in the Macintosh operating system itself that precludes multiple system files on a single disk. I have five on mine right now. The Resource Manager never gets confused, nor do any of the other O.S. or application software facilities. It's all very clear on the inside of the machine. What _is_ problematic about multiple system files is that it's extremely difficult for the _human operators_ to keep track of which is the "real" System file, without careful and deliberate management procedures. Some resources such as fonts, INITs, application preferences, etc., therefore get thrown into the "wrong" system folder, yielding a performance profile at variance from what the user expects. Therefore Joe is correct in recommending against multiple system files. I'd like to extend this warning by offering the following procedures for managing the Macintosh System file. 1. Always keep the System Folder in the lower-left corner of the boot disk's desktop. Just as maps normally put North at the top, it's useful to have a convention, and the lower-left corner is both common among other users and aesthetic to the eye. 2. Never keep more than one System file on a single disk, unless there is a strong and persuasive reason to do so. 3. If there _is_ reason to keep multiple System files, every such file should be kept in a separate folder which contains the complete set of system files (i.e., Finder, System, print drivers, etc.) for that version. Each of these versions will be a separate operating environment, so keep a separate copy of your favorite virus scanning program (such as Disinfectant INIT, SAM, Virex, Rival, etc.) in each folder. 4. Each of these full system folders should be clearly labelled with its distinguishing characteristics (e.g., "System 6.0.7", "System 6.0.4", "KanjiTalk System"). These system folders should all then be placed into a single folder, which should be labelled "System Folder" and kept in the lower-left corner. 5. Use the shareware product Blesser (or equivalent) to switch between systems. Be deliberate about which system you use, and always reboot after changing systems. 6. Remember that you can always determine which system version is in use by choosing "About the Finder..." from the Apple Menu when running the Finder, or by observing which of the sub-folders within the System Folder contains the Macintosh picture on its Icon. 7. If you don't know what the Finder is, you shouldn't proceed beyond step 2 above. :-) Happy computing, Michael Odawa Simple Software odawa@well.sf.ca.us ------------------------------ Date: 08 November, 1990 From: Padgett Peterson Subject: Checksums/reboots (PC) Herbert Lin writes >I'm looking for a virus checker for an IBM PC that has the following >characteristics: >- -- Not memory resident, and so does not check for infections in real :time >- -- runs any program I call after first checking a checksum or CRC >against a pre-stored library (and warning me if a difference is >found). >- -- user-adjusted formula for checksumming >- -- will calculate >checksums for me. Some time ago I wrote a .COM file to do this. 1100 bytes & took about 2 hours using MASM (I'm slow). You give it a file name & it generates a checksum. You give it a filename & checksum and it checks the file. Runs at about 50k/second on a 4.77 mhz machine. Generates an errorlevel of 0 if passes and 1 if fails. Put it in a batch file & it will check files (or itself) then run the executable. Write it yourself and you can use your own seed/ algorithm. Use interrupt 21 fn 3d, 3e, 3f, & 4c. For speed, read in 2k chunks. As an option, you could use fn 4B to launch the program if it verifies & you gave it a signature (or be really cute and use Int 2E). Good for things like the Jerusalem/Sunday but it will not detect 4096, Whale, or other "stealth" infections when they are resident. Incidently, re reboots: do remember seeing some original PCs exhibit this behaviour when an undersized power supply warmed up. The 5v supply dropped below what the unit could run on and they would reboot. Just a possibility. ------------------------------ Date: 09 Nov 90 07:32:57 -0600 From: kleine@zeus.unomaha.edu (Stephan G. Kleine) Subject: Re: Halloween virus? (PC) False alarm. We have found that the 'virus' symptoms were in fact due to a hardware problem. The cable to the drive was only partially plugged in. The power and read signals reached the drive ok, but the write signal was not making contact with the drive. - ------------------------------------------------------------------------------- | Stephan G. Kleine | "Time is a luxury that I do not [KLEINE]@zeus.unomaha.edu | possess." SGK University of Nebraska-Omaha | | - ------------------------------------------------------------------------------- ------------------------------ Date: 09 Nov 90 13:39:50 +0000 From: panix!alexis@cmcl2.nyu.edu (Alexis Rosen) Subject: Re: Mac virus question (Mac) XRJDM@SCFVM.GSFC.NASA.GOV (Joe McMahon) writes: >>From: "Terry (TR) Roebuck; 966-4841" >> ... Disk >> seems fine (physically). Only clue was that there were at least 4 >> different versions of the system on the disk; probably the result of >> poor application install practices .... > >Aaaaack! >This is *extremely* bad thing number 2. Doing this kind of thing >almost guarantees that sooner or later the Resource Manager is going >to get confused and start loading from the wrong System file... At >that point it's Katie-bar-the-door; no one can predict exactly what >will happen. Except that it probably will be bad. Just a minute... This is a popular rumor that has, as far as I know, no basis in fact. The res. manager does _not_ get confused (about that, anyway). The problem with multiple System files is twofold: 1) On older systems, it wasn't to difficult to crosslaunch and wind up with a different active system file than the one you booted with. Like, one without the fonts and DAs you use all the time. Or possibly even without resources that are needed by drivers or INITs (I'm less certain of this- need to think about it...) 2) On newer systems (or rather, those which are running MultiFinder), you can't crosslaunch. The problem is reduced to the possibility of one of the other systems getting blessed accidentally, with annoying results. >2) Make up a sign and post it near the Mac saying "Did we do the > backups?". Even better, make up a startup screen that says the > same thing. I can help on that if you need advice. Now that's an idea I like... - --- Alexis Rosen Owner/Sysadmin, PANIX Public Access Unix, NY {cmcl2,apple}!panix!alexis ------------------------------ Date: 09 Nov 90 19:43:09 -0500 From: maimer@kuhub.cc.ukans.edu Subject: Re: Mac virus question (Mac)clko XRJDM@SCFVM.GSFC.NASA.GOV (Joe McMahon) writes: > Recommendations: > 2) Make up a sign and post it near the Mac saying "Did we do the > backups?". Even better, make up a startup screen that says the > same thing. I can help on that if you need advice. > > --- Joe M. Some of the backup programs now available have timing abilities to "remind" the user to do the backup (Mac: "I want to do a backup, quit and feed me some disks."). After setting up the program, all the user has to do is feed the computer the floppies or turn on the tape drive. These include FastBack II and Retrospect. If they don't want to get new software, some macro making software will wait for a specific time and then go through a sequence of commands which could include backups. I know AutoMac III will do this. |\ \\\\__ Anthony Maimer | \_/ o \ __ > _ (( <_ / | | / \__+___/ / | |/ |/ /o /_/| < )) _ < maimer@kuhub.cc.ukans.edu \ \ \| \ | +++++++++++++++++++++++++++++++++++++++++++++++++ ------------------------------ Date: 09 Nov 90 13:57:00 +0000 From: pcasey@inmet.inmet.com Subject: Anti-Virus products? (PC) (Mac) Hi, I have been asked by my project to gather information on anti-virus products for PC-DOS and McIntosh machines. I have found an abundance of them out there, but I need to hear from people who have actually used any products - commercial or shareware. So, if you currently use any anti-virus products, I would appreciate it if you could relay me the following information: -product function( i.e. virus detection, prevention) -ease of use, performance impact -effectiveness -approximate cost -recommended/not recommended -who makes it and where I can get it -any other comments Thanks ! E-mail is fine. I will post a summary if anyone is interested. Paul Casey pcasey@inmet.inmet.com Intermetrics, Inc. Cambridge, MA. (617)661-1840 ------------------------------ Date: Sat, 10 Nov 90 10:17:50 +0000 From: s37775d@taltta.hut.fi (Pandy (A. Holmberg)) Subject: Re: Trojan Warning: SCANV70 (PC) An interesting question is what the name of the next MacAffee Scanv will be as versions 68 & 70 (at least) are TROJANS! How can we trust this software in the future. On the other hand: Which applications can we *really* trust. Maybe the next release of WordPerfect is a Trojan. The only thing we can do is hope that the creators of computer viruses will either grow up or drop dead. /pandy +--------------------------------------------------------------------------+ ! Andreas "Pandy" Holmberg Internet: pandy@spiff.hut.fi ! ! Helsinki University of Technology pandy@niksula.hut.fi ! ! Faculty of Electrical Engineering pandy@otax.tky.hut.fi ! ! Home phone: +358-0-647177 s37775d@taltta.hut.fi ! ! Address: Ratakatu 1 A 5 aholmber@otax.tky.hut.fi ! ! SF-00120 Helsinki BBS: MITS ( +358-0-4582066 ) ! ! FINLAND UUCP: ...!mcvax!santra!niksula!pandy ! +--------------------------------------------------------------------------+ ------------------------------ Date: Sat, 10 Nov 90 08:56:00 -0500 From: Preston@DOCKMASTER.NCSC.MIL Subject: Novell answer (PC) I posted a message recently about an unusual problem that was occurring on a Novell LAN, with apparent virus involvement and missing files and directories. (V3, No. 177) Thanks for all the individual replies and suggestions. I had suggested initially that the problem was a perhaps a combination of a common virus and a person problem, and made some specific suggestions for each. I talked with the person again, and he has implemented some of the security suggestions. The problem with missing directories and files has not occurred since those steps were taken. He reports that the Fu Manchu "keyboard" messages were present on a workstation, indicating an operating copy, but it did not show up in the files that were examined for infections after size changes. At least at this point it appears likely that the mystery is solved, and there are no new viruses with expanded capabilities on Novell LANs. Charles Preston ------------------------------ Date: Sun, 11 Nov 90 09:02:14 -0800 From: teda!RATVAX.DNET!ROBERTS@decwrl.dec.com (George Roberts - page 0571) Subject: Populations needed to spread viruses David A. Holland writes: >I suspect the base of C64s in active use is too small at this point to support >a virus. So it's rather a dead issue... Does this mean there are zero C64s? I agree that viruses with immediate noticable side effects need a large population of hosts to support them. However, viruses with very long delays between infection and symptom can survive because they are unnoticed. For example, a virus which is intended to alter a few records of data in a specific database and then hide itself might never be noticed, and might spread through operating systems which are few and far between over a long period of time (years). - - George Roberts ...decwrl.dec.com!teda!ratvax.dnet!roberts ------------------------------ Date: 12 Nov 90 13:05:25 +1000 From: c8847468@cc.nu.oz.au Subject: Publication Has anyone heard of a publication called "Virus News International" If so, how can I subscribe to this publication? Thanks for any help, Jonathan Coombes jcoombes@nucs.nu.oz.au ------------------------------ Date: 12 Nov 90 19:29:42 +0000 From: mitchell@thesis1.hsch.utexas.edu (Philip Mitchel) Subject: Re: How safe are FTP sites from viruses? The question was asked, "How safe are anonymous FTP sites from viruses"? I'd like to know the answer as well. A user at our site just retrieved some text files from the anonymous ftp server at apple.com and found that her floppies began to be corrupted. McAfee's virus scan identified the Stoned virus in the partition table. The only known route of "infection" was the ftp connection. By the way, what is the usual process for removing a virus such as this once found? (I know, rank beginner question...we all start somewhere). Thanks. [Ed. The only way (that I know of) to get infected by a virus via an anonymous FTP site would be to download an infected executable file and then execute it; I don't believe that this could have happened by merely downloading a text file. As such, a properly administered anonymous FTP site is as safe as a properly administered bboard system. It is always a good idea (in my opinion) to use a virus scanning product on any new software, shrinkwrap or public/shareware.] - -- Phil Mitchell mitchell@thesis1.hsch.utexas.edu "No one is to be blamed for any damned fool thing I say, either." ------------------------------ Date: Tue, 06 Nov 90 08:44:48 +0000 From: Anthony Appleyard Subject: Twelve Tricks (PC) This message wanted info re Twelve Tricks trojan:- ...................................................................... Date: 01 Nov 90 09:17:33 -0500 From: "Robert McClenon" <76476.337@CompuServe.COM> Subject: Virucide & Twelve Tricks (PC) ...................................................................... Here is an index of messages about it. It can do any one of twelve different harmful things. ...................................................................... [Twelve Tricks Trojan (PC)] long description, carried by CORETEST.COM 38 Has anyone come across [The Twelve Tricks] trojan? 55 [HELP!!! Twelve tricks trojan popped up! (PC)] info wanted about it 77 [Twelve-Tricks (PC)] there's no such thing as "twelve tricks - B" 79 [found '12 Tricks Trojan' - what is it?] what does it do? 141 ['12 Tricks Trojan' virus question (PC)] 12 Tricks in superdir.com 141 SCAN thinks that VIRUCIDE V1.2 is/has [12 TRICKS TROJAN] 144 [Hardware damage caused by virusses?] info re Twelve Tricks wanted 156 SCAN66B thinks it found [12 Tricks in virucide? (PC)] 155 [Virucide.exe.....A 12 Trojan Horse? (PC)] (SCANV66 thought it was) 175 [Virucide & Twelve Tricks (PC)] why they may contain the same code 178 [Re: Virucide.exe.....A 12 Trojan Horse? (PC)] SCAN67C found Tricks and Kennedy in VIRUCIDE.EXE; CLEAN67 found none 178 ------------------------------ Date: Mon, 12 Nov 90 15:32:00 -0500 From: Michael_Kessler.Hum@mailgate.sfsu.edu Subject: Sudden reboot (PC) I had the opposite problem on a Zenith 386SX, which, when optimized with QEMM, would freeze. It turns out that the Zenith has a "slush ROM" that it writes to high RAM, and the area it writes to should not be used for anything else. Try excluding E000-E7FF from use in high RAM. That might solve the problem. ------------------------------ Date: 13 Nov 90 13:28:48 +0000 From: news@arbi.informatik.uni-oldenburg.de Subject: Re: Strange Behavious (Virus?) On Novell LAN (PC) I have observed a similar problem on a Novell 2.12 SFT Fileserver: Parts of some .EXE-Files performing tape backup (it is Maynard Software) got zeroed out. The userid under which backup was running had write previliges on the directory containing the executables. The problem was first observed after one year running without any problems, it occured about one month ago. - --Christian - -- Christian Kuehnke * Christian.Kuehnke@arbi.informatik.uni-oldenburg.de Hartenscher Damm 65 * D-2900 Oldenburg * Earn/Bitnet: 249923@DOLUNI1 FRG ("W.-Germany") * Voice : +49 (0)441 592 652 ------------------------------ Date: 13 Nov 90 14:36:45 +0000 From: frisk@rhi.hi.is (Fridrik Skulason) Subject: Re: virus checking software for PCs (PC) HLIN@NAS.BITNET (Herbert Lin) writes: >I'm looking for a virus checker for an IBM PC that has the following >characteristics: > >- -- Not memory resident, and so does not check for infections in real >time > >- -- runs any program I call after first checking a checksum or CRC >against a pre-stored library (and warning me if a difference is >found). There are some programs which attempt to do this, but unfortunately it is nearly impossible. The reason is the existence of 'Stealth'-type viruses, where a program appears unchanged after infection. So, if you run a program infected with one of those viruses, all your programs may be infected, without appearing to change in the slightest. The program will not catch the first infected program (assuming it is new and not in the database), nor will it catch programs executed later (as the virus is then in control) Now ... I am not saying it is impossible, just that many current programs have problems with this... - -frisk ------------------------------ Date: Wed, 07 Nov 90 20:25:00 -0800 From: "George.Saba" Subject: Weird/Virus behaviour on LAN? Resent-From: "Otto.Stolz" Dear VIRUS-L subscriber, I think the following contribution from the Novell LAN Interest Group will be interseting to you, as well. If you want to comment, please direct your response both to VIRUS-L and either to the Novell Group or the original sender, George Saba . Best wishes Otto Forwarded note: > XT and AT class PC's running MS-WORD version 5.0B on an Advanced Netware > 286 Version 2.15c LAN in Seattle have either 'crashed' while attempting > to save the document they were working on, or have received a message > saying: > "You SHOULDn't print this file" > when they attempt to print it... > This started on 1-Nov-90, (I noticed the halloween notice a couple days > back) and thought I would report this as well. > > Other known symptoms so far have been: At least 2 unrelated executable > files have been 'altered'. Unfortunately, several users had SUPERVISOR > priv's. The executable file MENUPARZ.EXE (in the PUBLIC directory) had > several chunks of it 'zeroed'. It's date and size were not changed, > only it's contents. It was flagged as ROS. (But with SUPERVISOR > priv's, you can do anything, right?) > > I was contacted in an attempt to 'quantify' what was going on. > All comments are appreciated! > > George Saba ------------------------------ Date: 13 Nov 90 14:31:00 -0500 From: "David.M.Chess" Subject: Stoned virus on 3.5" diskette (PC) We've recently seen our first Stoned-infected 3.5" diskette. This may not be a new thing to everyone else, but it was to us! Since the Stoned only infects diskettes used in the A: drive, and since the first infected diskette in the world was (presumably) a 5.25" diskette, it took the virus awhile to get to 3.5" diskettes: one or more rather unusual events was required for it to get across the line (for instance, a machine with a 5.25" A: disk might have been booted from an infected floppy, infecting the hard disk, and the A: drive was then changed to a 3.5" drive, allowing the virus to spread from the hard disk onto 3.5" media; there are probably other possible channels I haven't thought of). Since the Stoned has been one of the more common viruses recently, on 5.25" disks, it probably has the potential to spread widely in the 3.5" population as well. So I thought I'd mention it... DC ------------------------------ Date: 13 Nov 90 17:05:30 -0600 From: Kelly Jones Subject: History of virus, reference sought Hi everyone and good day, Can someone help me out or point me in the right direction? I am looking for some history on computer viri. Anything will do, where did they start, who (if known) wrote the first one, what is the outlook of the computing world, how fast are these things spreading, are the "exterminators" winning the war? I am doing a research project on the spread of viri and would like some information (be it generic or specific) on the early history to present. I am also looking for any suggestions on how these things are traced (as to come up with an idea on how fast they multiply and spread). Any help would be *greatly* appreciated and would make my life a whole lot easier. You may respond to me directly or post. Thanks in advance. Kelly D. Jones BITNET: GR6588@SIUCVMB.BITNET INTERNET: GR6588@SIUCVMB.CDALE.SIU.EDU PACKET: KE9KD@WD9EBQ.IL.NA.USA.EARTH.MILKYWAY SNAIL: R.R. 2, Box 109, Carbondale, Il 62901 ------------------------------ Date: Wed, 14 Nov 90 12:04:00 +0100 From: "Willem van der Wal, ICP, NIAS" Subject: Virus "WDEF A", help! (Mac) My hard disk refuses to save files, though I can still access them Desinfectant 2.0 seems to have spotted a virus called "WDEF A". I'd rather not re-initialize the (external) hard disk. The contamination is of Israelian origin most likely. Could someone please tell me how to proceed. Many thanks, Willem van der Wal, SURF124@KUB.NL.BITNET ------------------------------ Date: Wed, 14 Nov 90 11:24:00 -0500 From: "Gerry Santoro - CAC/PSU 814-863-4356" Subject: SAM vs. Disinfectant (Mac) There is currently disagreement among our macintosh users regarding whether one should (for maximum protection) acquire SAM or Disinfectant. Up front I recognize that Disinfectant is free (in fact I have version 2.3 on my Cx) and SAM is commercial. Can anyone offer me any stronger arguments one way or the other? Since the Digest is probably not the best place to argue the ralative merits of competing packages direct email would probably be best. thanks! - ------------------------------------------------------------------------------- | | gerry santoro, ph.d. -- center for academic computing | | | -(*)- penn state university -- gms@psuvm.psu.edu -- gms@psuvm.bitnet -(*)- | | | standard disclaimer --> "I yam what I yam" | | ------------------------------ Date: 09 Nov 90 19:37:35 +0000 From: coherent!dplatt@ames.arc.nasa.gov (Dave Platt) Subject: Re: Is this a MAC Virus attack? (Mac) > The machine: > MAC SE/30; 4MB & 80 MB Apple drive running 6.04; MAChine purchased > in spring of 1989; NEVER EVER BACKED UP!!!!! and holding the > entire financial and planning records of a local dept. Clearly, the excessive concentration of carelessness in the department caused Bad Vibes to condense on the disk drive, etching away the magnetic oxide and corrupting the directory structures. ;-} > Only clue was that there were at least 4 > different versions of the system on the disk; probably the result of > poor application install practices .... <> > Question: > Does this sound like a virus, or "a random photon from the radio > galaxy"? - If it's a virus, which one? any other thoughts? Did I do > things in the right order? Was there a magic bit to flip? It sounds as if machine errors or crashes, at various times in the past 18 months, had done some low-level damage to the disk directory structures. The errors became more and more severe as time went by, due to the subsequent updating of the disk data structures. Eventually, a high-level directory entry became corrupted, and the files on the disk became inaccessible. It's known that the WDEF virus is capable of causing crashes which corrupt disk data structures... I've encountered disks which were rendered entirely unmountable as a result of WDEF-induced crashes. If the Disinfectant INIT had only recently been installed on the SE/30, it's possible that previous infections might have caused some damage to the directories, and that only now has the damage propagated enough to cause visible symptoms. It's always a good idea to perform some preventing maintenance and checking of your filesystems... run Disk First Aid periodically, run the surface-test in the SCSI HD Setup, use Disk Doctor, etc. If problems show up, it's usually a good idea to back up the disk, reinitialize, and restore the files. Based on what you say about the lack of backups, I suspect that this sort of routine check hasn't been performed on that machine. > Comment: > I could claim that the user deserved this - after all it is a lot > easier to recover from a disk/tape then to look at all those files > at the block level and determine if they should be saved; and we > push at all levels to get these people to backup - but you know, once > the data is dusted, some one has got to get it back (on the grounds > that a few days of my work is better that 1000's of hours of theirs > from an institutional point of view) Grumble. You ought to bill them for your time, if your organizational charter will permit doing so. You should also let them know that you cannot guarantee complete retrieval of their data, _or_ the correctness of any of it. Recommend that they manually inspect _every_ file that you restore, for correctness from a financial point of view. Put this in writing, with copies to your supervisor, to the head of the department that owns the Mac, and to the head-of-department's superior. You might also want to talk with your University's finance department, and ask them what the requirements are for departmental financial planners. People who have financial authority are often required (by audit requirements, and sometimes by law) to exercise due diligence in maintaining the integrity of their data. The failure of this department to maintain backups could put them at risk of disciplinary action. > Aside: > They are now buying a tape drive and I suspect will be doing > backups. ... now that the horse has escaped from the barn and has frozen to death on the tundra. ------------------------------ End of VIRUS-L Digest [Volume 3 Issue 183] ******************************************