VIRUS-L Digest Monday, 17 Jul 1995 Volume 8 : Issue 66 Today's Topics: Re: Software damaging hardware (claimed) Re: Satan (the controversial security computer program) Re: Re: Virus from commercial software? Re: bbs to report viruses? Re: Essays about "Why do people write viruses?" Searching for a citation Re: Re: Viruses in binaries? Maybe. Re: WindowsNT virus/anti-virus? (NT) Re: OS/2 and possible virus (OS/2) Re: OS/2 viruses (OS/2) Re: invircible? (PC) Re: Author of NATAS found (PC) Re: question regard NYB virus (PC) Re: Need anti-virus tools to clean "Bupt" ("WELCOMEB") viurs!!! (PC) Re: Monkey Virus? What is it? (PC) Re: Suspicious virus NOT being deleted. HELP!! (PC) Re: Re: Monkey B virus (PC) Re: scan and f-prot (PC) Re: Roman (PC) Re: Magic and Beijing Virus (PC) Re: Seeking the Scanner program to clean the "Bupt" or "WELCOMEB" virus (PC) Re: Scanner Invokes Disk Killing Virus? (PC) Re: Infected!! Anti-Cmos A (PC) Re: Information re: "Generic Viruses" (PC) Re: Do I have a virus? (PC) Re: Re: Crosslinked files (PC) Re: Announcement: New anti-virus site (PC) Re: Re: Need help on removing Stoned virus(PC) Re: My Bout With Urkel : A CyberVirus Story (PC) Re: Info on D3 virus? (PC) Re: BackForm !!! (PC) Re: Send me info on virus _1054!!! (PC) Re: JUNKIE (PC) Re: Form Virus in memory (PC) Re: Getting rid of ANTIEXE? (PC) Re: I need some information about Antivirus Benchmarks (PC) RIPPER virus (PC) Re: Re: Crosslinked files (PC) Re: Yonyu Virus Fixes (PC) Re: THDpro11 intermitant ansi screen (PC) Re: QRRY ? How do I get rid of it? (PC) Re: MANUEL NUNO(MEX) (PC) Re: Info on INOCULAN antivirus (PC) Re: Removing virus from a non-boot diskette (PC) Re: AVPLITE [beat] RELEASED! (PC) Re: F-PROT 2.18a ? (PC) Re: KELA.7135/2010 (PC) Re: new virus leeRIS, infect .com in PC (PC) Re: Re: Win95 and Anti-virus prorams? (PC) IBM Antivirus (DOS/Windows) WildList for July 1995 Re: Files on risc.ua.edu (PC) CFP: ISOC Symposium on Network and Distributed System Security VIRUS-L is a moderated, digested mail forum for discussing computer virus issues; comp.virus is a gatewayed and non-digested USENET counterpart. Discussions are not limited to any one hardware/software platform - diversity is welcomed. Contributions should be relevant, concise, polite, etc. (The complete set of posting guidelines is available by FTP on CORSA.UCR.EDU (IP number 138.23.166.133) or upon request.) Please sign submissions with your real name; anonymous postings will not be accepted. Information on accessing anti-virus, documentation, and back-issue archives is distributed periodically on the list. A FAQ (Frequently Asked Questions) document and all of the back-issues are available by anonymous FTP on CORSA.UCR.EDU. Administrative mail (e.g., comments, suggestions, beer recipes) should be sent to me at: krvw@ASSIST.MIL. All submissions should be sent to: VIRUS-L@Lehigh.edu. Ken van Wyk ---------------------------------------------------------------------- Date: Mon, 19 Jun 95 04:21:17 -0400 From: "A.Appleyard" Subject: Re: Software damaging hardware (claimed) Daily Telegraph Magazine (Sat 17 June 1995) (one of various supplements that come on Saturdays with the Daily Telegraph (UK newspaper)), pp 24-30, anonymous article "Manhunt for Mr.Cyberpunk, how the world's most devious hacker [Kevin Mitnick] was run to ground", p26 left column:- "Tsutomu [Shinomura] has built software that can destroy an alien computer." says Brosl Hasslacher, a physicist at Los Alamos National Laboratory in New Mexico [in USA], "They are essentially viruses that can, for example, tell the computer to sit in one register until it melts the circuitry in the chip or command the hard drive to hit the same track 33,000 times - until it destroys the drive.". Many security wizards doubt such tools could work on anything but old-fashioned personal computers, and Shinomura, perhaps wary of giving away his secrets, would not comment. Fortunately these weapons - whatever their capabilities - were stored in a safe place. ------------------------------ Date: Mon, 19 Jun 95 04:23:29 -0400 From: "A.Appleyard" Subject: Re: Satan (the controversial security computer program) Daily Telegraph Magazine (Sat 17 June 1995) (one of various supplements that come on Saturdays with the Daily Telegraph (UK newspaper)), pp 24-30, anonymous article "Manhunt for Mr.Cyberpunk, how the world's most devious hacker [Kevin Mitnick] was run to ground", p28 right column:- "a controversial ... program called Satan (an acronym for Security Adminis- trators Tool for Analysing Networks) [presumably to be distinguished from the `Satan(bug)' virus], which allows anyone to probe the security flaws in a machine as easily as clicking open a file on a Macintosh. It's a double-edged sword: great for quick security checks, but it also has the potential to transform every 13-year-old geek with a modem into an expert cracker.". ------------------------------ Date: Mon, 19 Jun 95 12:35:02 -0400 From: "Daniel M. McCracken" Subject: Re: Re: Virus from commercial software? Commercial software packages have been found to have viruses in them, but it is not a common occurrence. There are several scenarios where a software manufacturer or dealer may accidentally infect a diskette that gets into the software "on the shelf." A good rule of thumb - Practice Safe Hex. Scan all diskettes & downloads! - -- ************************************* The opinions I express are my own and NOT those of any institutions. ************************************* ------------------------------ Date: Wed, 21 Jun 95 20:28:44 -0400 From: d-cowan@ix.netcom.com (Derek Cowan) Subject: Re: bbs to report viruses? I've heard that IBM (I think) has a bbs to upload notices of new viruses to & to get new scanners & cleaners for newly discovered viruses. Does anyone here know if this exists or if there is an internet address similiar to this. Thanks Derek ------------------------------ Date: Sat, 24 Jun 95 05:15:02 -0400 From: <100442.3221@compuserve.com> Subject: Re: Essays about "Why do people write viruses?" Hi there! I am a student at a German university looking for information on viruses. I am working on a study on "Why do people write viruses?". If you know of any essays or books on this subject please let me know by mail! All information appreciated! Thank you very much Colja ------------------------------ Date: Tue, 27 Jun 95 17:33:38 -0400 From: Cistron User Account Subject: Searching for a citation I'm looking for the name of the person who said "computer viruses are a urban myth. Just like the story about alligators in the sewers of New York" Please mail any answers that can help me to my e-mail address ollie@cistron.nl thanks for your help [Moderator's note: I _think_ that that was John Dvorak, in one of his PC Magazine columns, circa 1987 or 1988.] ------------------------------ Date: Mon, 03 Jul 95 13:32:03 -0400 From: linguipunk@aol.com (Linguipunk) Subject: Re: Re: Viruses in binaries? Maybe. It *is* possible in theory. It's unlikely, but intruiguing. Which means someone will probably do it someday. Will they be able to deliver a viable payload too? That's something else again. Two design scenarios. One, you only have an executable of the application. You use a debugger and run the data input one instruction at a time, coming to understand every function call while looking for you have little idea what. Then, finding a weakness, you have to go back and verify it for each program state that might affect it. Good luck. Now, if you had source code for the application and an understanding of how the source compiles to the target (executable), things are easier. But when do you have the source? I'd also guess that the data input part is fairly simple and less likely to have a bug (exploitable or not) than most things. I haven't studied the Internet Worm, but I'm pretty sure that all UNIX applications (at least of the time) shipped in source code format. Even the compiler. For these reasons, that would make an exploitable error *much* easier to spot than in a closed DOS/MAC system. Remember too that UNIX was a hackers system, they assumed a more or less trustworthy environment so security wasn't a development priority. It's come a ways since the Internet Worm. I liked the analysis of good times from a memetic (wetware virus) point of view. A valid point. I might add that user hysteria over these attacks could make it harder to combat a real one if it ever came along. (The crying wolf thing.) - -Dean ------------------------------ Date: Mon, 19 Jun 95 18:27:34 -0400 From: tmh2708@omega.uta.edu (T.M.Haddock) Subject: Re: WindowsNT virus/anti-virus? (NT) Sorry if this has been covered but I didn't find it in the FAQ. I see stuff on DOS/Win/OS2 virus/anti-virus but nothing about NT. Are there any MS WindowsNT anti-virus programs and virus information? Thanks in Advance, TRAVIS - -------------------------------------------------------------------------------- Travis M. Haddock | University of Texas at Arlington Ph: 817-273-3321 | CAESAR - PRISM Fax: 817-273-3322 | 416 Yates St, #19066 Email: thaddock@csr.uta.edu | Arlington, TX 76019 - -------------------------------------------------------------------------------- ------------------------------ Date: Tue, 27 Jun 95 09:19:51 -0400 From: smckee@arlut.utexas.edu Subject: Re: OS/2 and possible virus (OS/2) I have had several occurences of what appears to be a virus on my OS/2 based PC. The system will boot up and then the cursor begins rushing around the screen opening and closing items, rearranging my desktop, and even deleting or copying files. Any help out there? Thanks, Shawn ------------------------------ Date: Mon, 03 Jul 95 10:14:45 -0400 From: petteri@pjoy.fi (Petteri Jarvinen) Subject: Re: OS/2 viruses (OS/2) >>comforting thought. I have to wait until someone discovers an OS2 >>virus b/f anyone will make a virus detection program????!!! > >uh...there are already at least two OS/2 viruses... What kind of viruses are they? Have they been found at large or at some VX BBS? - ---------------------------------------------------------- petteri@pjoy.fi http://www.pjoy.fi Petteri J rvinen Oy, Tekniikantie 12, 02150 ESPOO, FINLAND ------------------------------ Date: Sun, 18 Jun 95 03:27:04 -0400 From: swolferph@aol.com (SWolfeRPH) Subject: Re: invircible? (PC) i'd like some info on a comprehensive anti-virus software program/ my nephew has suggested this one any others on shareware?? sw ------------------------------ Date: Mon, 19 Jun 95 04:16:23 -0400 From: "A.Appleyard" Subject: Re: Author of NATAS found (PC) From page 11 of the `Daily Telegraph' (UK newspaper) Sat 27 May 1995:- COMPUTER VIRUS MAN FACES JAIL A computer expert devised viruses which cost companies about 11,000,000 pounds UK to eradicate, Plymouth [1] Crown Court was told yesterday. Christopher Pile, 26, created two bugs [2] called Pathogen and Queeg, and encouraged other users to create destructive programs. Pile of Plymouth, Devon, admitted 11 charge of misusing a computer and one charge of inciting others to distribute viruses. Granting him conditional bail, Judge Jeremy Griggs warned Pile he faced a custodial sentence. [1] in Devon in England, not in USA. [2] = viruses, here. (Flamethrower [3] on here at all silly reporters who will commit any #@% silly word misuse rather than use the same word twice). [3] There are industrial propane flamethrowers that can fire 15-18 feet (5-6 meters). One of those (with a backpack fuel tank) each, the next time we catch a virus writer ... ------------------------------ Date: Mon, 19 Jun 95 17:21:21 -0400 From: act@earthlink.net (Accelerated Computer Training) Subject: Re: question regard NYB virus (PC) I'm looking for info on the NYB virus (PC). We have a client who says the disks we sent her were infected. We copy files from a Novell 3.11 network and our Norton Anti-virus detected no problems. We buy diskettes from a vendor who says they're clean. Ideas? Also, new detection software? Thanks, Margaret Trumbull act@earthlink.net ------------------------------ Date: Tue, 20 Jun 95 03:00:52 -0400 From: Far East levingston ShipBuilding Subject: Re: Need anti-virus tools to clean "Bupt" ("WELCOMEB") viurs!!! (PC) Dear Sir/Madam, >From 29th May, a new virus spread out quickly named "Bupt" (or "WELCOMEB"). This particular kind of virus infected master boot sector of hard disk and cannot removed by the latest version SCANNER (v. 221) which downloaded via internet. The virus named different by using different scanvirus tools. When we use SCANNER (v. 221) try to clean the virus, it reported: Found the WELCOMEB virus (on Master Boot Sector) No remover! Now our company face a very serious problem if we cannot remove this kind of virus, Please give us a help. Is there anyone have the anti-virus tools can clean this kind of virus? If you have, please kindly infrom me. Could you tell me which internet site can find the more powerful anti-virus program? Kindly inform us ASAP. Best Regards, Diana Xing Far East LevingSton ShipBuilding LTD 31, Shipyard Road Singapore Our email address: felevshp@merlion.singnet.com.sg ------------------------------ Date: Tue, 20 Jun 95 12:52:10 -0400 From: nfli8059@aol.com (NFLI8059) Subject: Re: Monkey Virus? What is it? (PC) I have recently received a monkey virus on a disk. Symantex doesn't have any detail on it. Any ideas of what it does? What kind of anti-virus software is the best? I have Symantec Norton 3.0. Please e-mail me at nfli8059@aol.com or bushcbr@aol.com. Thanks, Greg Bush ------------------------------ Date: Tue, 20 Jun 95 13:37:12 -0400 From: vpomar@ix.netcom.com (Victor Pomar) Subject: Re: Suspicious virus NOT being deleted. HELP!! (PC) I have installed the latest version of F-PROT in my computer. Every time that I scan my two HD's, the following message shows up: Scans MBR of Hard Drive 1 Scans MBR of Hard Drive 2 Master Boot Sector: Possibly a variant of Stoned ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ At the end of the scanning, when the Results are shown, this is what I get: MBR's : 2 DOS boot Sector's: 2 Infected: 0 Suspicios: 1 Disinfected: 0 My question: Is there a way to get rid off of that suspicious virus?, I thought that f-prot was capable of erasing viruses from the MBR. Am I doing something wrong? Is it Ok to have that suspicious virus there as long as the computer is, or seems, to be working without a problem?? I would really appreciate your help. ------------------------------ Date: Tue, 20 Jun 95 17:11:06 -0400 From: tdcomp@supernet.ab.ca Subject: Re: Re: Monkey B virus (PC) tozer@tracy.cig.mot.com (Raymond L. Tozer) wrote: >paulfer@tibalt.supernet.ab.ca (Nicholas Paufler) writes: >>shari@stimpy.acofi.edu (Shari Saunders) says: >>>rmcghee@freenet.vcu.edu writes: >>>>Date: 10 Apr 1995 14:11:42 -0000 >>> >>>>I have an IBM PS/1 that has been infected with the monkey b >>>>virus. It is identified with Macaffe Scan. I can not get the >>>>virus remove. The machine is a friends and the hard drive >>>>would no longer boot. She took it to another guy who >>>>reformatted the hard drive and ran FDISK at least 15 time >>>>trying to get it. I tried using scan /clean, killmonk.exe, and >>>>xmonkey.exe to fix the boot sector. None of them will work. >>>>All data has been lost on the machine so if there is a way to >>>>totally wipe everything let me know please. The FDISK /MBR >>>>command has also been tried. Help, I'm lost. >>> >>>Posted this a couple of weeks ago....had monkey here at work and the ONLY >>>thing that will remove it is Norton's Antivirus. Approx. $150. Tried Central >>>Point, Symantec, and Fprot.....nothing would work. Good Luck! >>many people in my town were infected with this stupid viirus!! >>crashed my HD a coupel of times b4 i found out what it was.. >>then....purely by fluke i found a little util (just an hour before i >>was gonna wipe my hard drive) called KILLMONK.. this handy dandy >>little things removes monkey b and INT_10!! if anyone needs it, tell >>me how i can get it to you later > I was able to get rid on monkey_B using McAFee with the latest virus >list file dated 2/95. I booted from a clean DOS disk, then inserted >McAfee disk and ran scan with /clean on the infected hard drive. Good >luck. The Monkey Virus originated at the University of Alberta here in good ol' Edmonton, Alberta, Canada. You can get removal software from their FTP server at FTP.SRV.UALBERTA.CA in /PUB/DOS/VIRUS. File name is KILLMNK3.ZIP. Good luck! Foz - tdcomp@supernet.ab.ca ------------------------------ Date: Wed, 21 Jun 95 09:58:12 -0400 From: rclaessen@tschitschibabin.orgchemie.chemie.uni-tuebingen.de Subject: Re: scan and f-prot (PC) where do i find the latest versions. please tell me the ftp site. tanx a lot, rolf ------------------------------ Date: Thu, 22 Jun 95 03:28:03 -0400 From: fesofthp@estense.global.it (Paolo Hvlzl Ferrara Software) Subject: Re: Roman (PC) How can I find a antivirus for virus Roman ? ------------------------------ Date: Thu, 22 Jun 95 11:53:28 -0400 From: samchoo@singnet.com.sg (sam choo) Subject: Re: Magic and Beijing Virus (PC) Can anyone kindly explain how Beijing and Magic virus affect the hard disk and how to kill it. Need your help. Thanks. ------------------------------ Date: Thu, 22 Jun 95 22:22:40 -0400 From: felevshp@singnet.com.sg (Far East LevingSton ShipBuilding LTD) Subject: Re: Seeking the Scanner program to clean the "Bupt" or "WELCOMEB" virus (PC) Dear Sir /Madam, Now our company is facing a very serious problem. The new virus spread out quickly and up to now we don't have efficient tools to clean this kind of virus. >From 10th June, the virus named "Bupt" or "WELCOMEB" detected in our PC's master Boot sector. We downloaded the lastest SCANNER (v.221) via internet and still can not remove the virus. Is there anyone have such kind of anti-virus program can efficiently clean this particular kind of virus: the virus detected as "Bupt" virus while using novell network Intercheck scanner and detected as "WELCOMEB" virus while using the SCANNER (v.221). Anyone help us, we will be thousands appreciate! Please inform us via email or newsgroup. Hope to hear from you soonest!!! Best Regards, From Diana Xing Far East LevingSton ShipBuilding LTD. 31, shipyard Road Singapore 2262 Email: felevshp@merlion.singnet.com.sg ------------------------------ Date: Thu, 22 Jun 95 22:22:30 -0400 From: Dave Meyer Subject: Re: Scanner Invokes Disk Killing Virus? (PC) This is a new one for me..we've had two PCs suffer apparent hard disk failure this week after failing a virus-scanning routine! Is this possible that the virus (boot sector/FAT virus) is doing something like destroying the partion table when it detects that it is being scanned by a particular antivirus scanner? I do _not_ want to mention the product hear but if I get an appropriate reality check I'll contact the manufacturer. Thanks in advance. Dave Meyer The Nature Conservancy dmeyer@tnc.org ------------------------------ Date: Fri, 23 Jun 95 14:05:05 -0400 From: dwkkwong@undergrad.math.uwaterloo.ca (OVAL) Subject: Re: Infected!! Anti-Cmos A (PC) It seem like there is a outbreak in my city(Waterloo, Canada) on Anti-Cmos A. virus. Could anyone tell me more on that virus such as what part of my machine will not be working properly and is there any cleaner for this virus. I know more then 10 person right here has been infected. dwkkwong@noether.math.uwaterloo.ca ------------------------------ Date: Fri, 23 Jun 95 16:25:33 -0400 From: Larry_Pullen@mail.fws.gov Subject: Re: Information re: "Generic Viruses" (PC) Please send me any information you may have on viruses called "Generic-**" Larry Pullen ------------------------------ Date: Sun, 25 Jun 95 00:07:34 -0400 From: EMANCHON@aol.com Subject: Re: Do I have a virus? (PC) Recently I ran the Windows Antivirus and almost all my checksum had changed although the program told me I had no virus in the computer. However, I noticed a strange directory that I had not noticed before. The name was GROZZZ and it contained the following files: TRYA.EXE FIXC.BAT DBI.EXE CHKLIST.MS I promptly deleted the directory and everything works fine so far, but I would like to know if I am infected with a virus, a Trojan horse or something else.. Thanks Elena Manchon emanchon@aol.com Posted at 12:01:10 a on 6/25/95 ------------------------------ Date: Mon, 26 Jun 95 07:01:06 -0400 From: Erich Roider Subject: Re: Re: Crosslinked files (PC) I' a service tech for a medical equipment company and I have run into this before. This typically happens when the system is powered down in the middle of a program. What happens is that files are left open. This can cause problems with hard disk space getting used up or when the system is used again the hard disk starts to write over the still open (what the hard drive sees) files. The only way I know to fix this problem is to reformat the hard disk. If you have any other way to repair this please let me know. ewroider ------------------------------ Date: Mon, 26 Jun 95 08:44:51 -0400 From: Christopher Ogg Subject: Re: Announcement: New anti-virus site (PC) We are pleased to invite you to wander over to the new Home Page of MIS Europe, distributors for Europe and the Middle East of EMD Armor - over at http://www.almac.co.uk/business_park/mis/emd1.html. On the site there are software upgrades, manuals and FAQs, a competition for rocket scientists (no one has ever successfully introduced a virus onto a PC protected by EMD Armor: we'd like you to help us continue testing that), a comedy tape on viruses by one of the UK's hottest new acts on the club circuit and various other goodies. We plan to develop the site as a resource for the community so would welcome your comments and suggestions. Thanks for taking the trouble to read this. Bestest Christopher christopher.ogg@almac.co.uk owp@owpcom.demon.co.uk http://www.almac.co.uk/business_park/owp/owp1.html ___________________________________ Glaswegian Dos Prompt: C U Jimmie:\> ------------------------------ Date: Mon, 26 Jun 95 16:56:47 -0400 From: Frank Varjas Subject: Re: Re: Need help on removing Stoned virus(PC) The Stoned Virus is pretty easy to detect and remove. The shareware F-Prot and most antivirus software should have a vaccine for it. I recommend creating a bootable disk with the antivirus software. After you boot from floppy run the antivirus software that has the vaccine for the Stoned virus. - -- =========================================================================== Frank Varjas fvarjas@tad.eds.com EDS Technology Architecture Advanced Technology Group , Plano, TX ------------------------------ Date: Mon, 26 Jun 95 19:33:04 -0400 From: ktham@ejv.com (Kai Tham) Subject: Re: My Bout With Urkel : A CyberVirus Story (PC) Hello there, My Bout With Urkel : A CyberVirus Story I have a few questions to ask you folks out there. How many of you out there have experienced with a virus called Urkel? Before asking more question let me describe what is Urkel like. I believe Urkel came into my system via one of those pirated Chinese CD-Roms that one of the workmates lend me. The symptons of this virus are as follows: If you were to overwrite an existing file on a floppy (in this case, it is with a 3 1/2" diskette), Urkel will entirely corrupt the floppy. However, I am permitted to write files to a floppy if it does not exists. If I was to format a diskette after completing DOS will report zero bytes free, essentially rendering the format useless. I have used McAfee's lastest (2.3.1, evaluation copy) scan utility to scan my disk and memory. It knows about the virus but since it is a evaluation copy it does not have a cleaner. Older version of McAfee does not know about this virus. In other words, Urkel is relatively new. So, I borrowed a SCSI drive (I have a SCSI system) from a friend of mine to copy all my important files to it before reformatting mine. I happily pkzipped everything onto his drive. Then I low-level reformatted my drive (normal ODS format will not work because I believe Urkel lives on the boot tracks) and installed DOS 6.22 (I had 6.20 before). Now, I was able to see my drive (yes, while I still have the virus on my drive C: I was not able to see drive C: if I boot up with a floppy). I then tried to access drive d: which is the other SCSI drive. To my surprise and worry I was not able to access it. I then used FDISK to see what is wrong with it, FDISK reported unintelligible information about the 2nd drive. I then realized that Urkel is more menacing than I anticipated. What Urkel did was that it modified the disk descriptor information (I am not sure if this is the term for it). Essentially, every operating system needs to do things it own way (or at least it is how things are now). This includes formatting disks, laying out tracks and sector information etc. DOS does it her way and Urkel does it his way. But since Urkel knows about DOS and her ways it is not a problem for it to operate bi-modally. However, this is not true for DOS. In essence, Urkel is able to coexist with DOS. Redefining the disk descriptor information essentially confused DOS that is why I was not able to see drive d:. I heard about this sort of things about a decade ago from Apple DOS (I used to own a Apple II+). In those days game vendors have a way to make their own DOS by deviating the disk descriptor information. This will permit them to run their own things and normal DOS will not be able to see the information on the deviated disk (a cheap but effective software protection). To copy the information one needs a utility called LOCKSMITH. Second question: Is there such a thing on the PC to copy my files on a deviated disk? Can I write my own utility? The only way that I can see my captive data is to reintroduce Urkel onto my system again (this is rather difficult now because I am not really sure which CD-Roms it came from, I do not want to risk a multiple virus infection situation). The only safe way to rid of any virus is to copy your data from one computer onto another via a communication link. In this way the infected machine is just passing data not performing function on the other machine. In conclusion, I believe that the objective of Urkel is to hold your data hostage in your own system. The lesson learnt here is that never allow access without protection (analogous to safe sex). I have always carried on with the attitude that this will never happened to me. Can someone please answer the above questions or point me to the right direction. Thanks a million. Kai - -- Kai (ktham@ejv.com) ------------------------------ Date: Tue, 27 Jun 95 00:26:03 -0400 From: cd62ept@servtech.com Subject: Re: Info on D3 virus? (PC) I am looking for any information on a virus known as D3. It has infected one of the servers where I work and our MIS department has no idea what the virus does or how to get rid of it. Any information you have would be much appreciated. Thanks. ------------------------------ Date: Tue, 27 Jun 95 03:41:20 -0400 From: WeiT Subject: Re: BackForm !!! (PC) I found a virus - BackForm in my lab, but I haven't any 'AV' which can disinfect it ( f-prot 2.18 can report it without disinfection ). I appreciate any help from you. WeiT ------------------------------ Date: Tue, 27 Jun 95 04:19:52 -0400 From: "Bajan Ferenc Informatika" Subject: Re: Send me info on virus _1054!!! (PC) Three of our PC-s (486, 386) has been infected. F-Prot 2.18 has detected a file virus named _1054, and disinfected the programs (COMMAND.COM, MODE.COM, PDIPX.COM, SMC_WD.COM, etc.) Symptoms: no upper memory, ALL drivers get installed in conventional memory. (In these computers ve have CD-ROMs!) After disinfection, F-Prot founds no viruses, but no change in the memory map... Any ideas? Please reply me to address bferi@fs2.bdtf.hu directly! Thanx for any help! - ---------------------------------------------------------------------- /_/_ /_/_/_/_/_ /_ /_ /_ Ferenc Bajan /_ /_ /_ Centre of Informatics /_ /_/_ /_/_/_/_ BDTF Szombathely /_ /_ /_ H-9700 Szombathely /_ /_ /_ Karolyi G. ter 4. /_/_/_/_/_ /_ bferi@fs2.bdtf.hu - ---------------------------------------------------------------------- ------------------------------ Date: Tue, 27 Jun 95 10:25:46 -0400 From: huffy@deakin.edu.au (ADAM JON HOUGH) Subject: Re: JUNKIE (PC) Computer infected with Junkie and/or junkie.boot virus. What proceedures are required to remove and clean. Does not appear to stop processing (486 dx-66, CDROM) but as Windows is loaded message from McPhee warns that 32 bit driver can not be loaded. ADVISE. ------------------------------ Date: Tue, 27 Jun 95 23:21:18 -0400 From: kmccann@mail2.sas.upenn.edu (Katie McCann) Subject: Re: Form Virus in memory (PC) After several strange things started happening to my computer, I just discovered that I've got the Form Virus in my memory. I've got Norton Anti-Virus, which ran, said the virus was in the memory, and said that the computer was halted, and to boot it from the write-protected Rescue Disk. I'm assuming that's something that came with NAV, but I've lost the box, and so I don't have it. So I'm assuming Ineed to go out and buy another copy. BUt what I'm worried most about is the memory. Becuase prior to discovering that I had the virus, I noticed that my computer said I had only about 3.7 megs of RAM rather than 4. Is this damage permanent? ANd how can it be undone? I'm pretty cluless aobut the whole virus thing, so any help will be greatly appreciated. Thank you, katie - -- Katie McCann kmccann@mail.sas.upenn.edu katie_mccann@compuware.com http://www.sas.upenn.edu/~kmccann ------------------------------ Date: Wed, 28 Jun 95 10:08:38 -0400 From: l-field@tamu.edu (Larry Field) Subject: Re: Getting rid of ANTIEXE? (PC) I have a user who's gotten ANTIEXE on their PC. They have cleaned it off the infected diskettes but cannot seem to get it off the hard drive's MBR. What is the best (only?) way to get rid of this virus off the MBR? Thanks, Larry Field - Senior Systems Analyst Texas A&M University - B/P/P Operations Center Voice: (409) 862-2763 Fax: (409) 845-7973 Internet: l-field@tamu.edu ------------------------------ Date: Wed, 28 Jun 95 16:23:43 -0400 From: Gabriel Barrera Subject: Re: I need some information about Antivirus Benchmarks (PC) Hello: I want to prove some antivirus, but I don't know why can I do it?, Please If you know some benchmarks. Thank you for your help, I do my best effort. My email is gbarrera@campus.cem.itesm.mx My name is Gabriel Barrera Delgadillo.