VIRUS-L Digest Monday, 28 Oct 1991 Volume 4 : Issue 200
Today's Topics:
Can you help me with this? (Apple ][)
Re: New virus - advanced symptoms (PC)
Re: DIR II Removal Information (PC)
Re: DIR II virus and DOS 3.31 (PC)
Re: Pakistani/Ashar (PC)
Re: Virus on Mac (Mac)
Re: What is CoolCapture? (Amiga)
Possible new virus (PC)
Re: Problems with formatting (PC)
DOS 5.0 ANSI (PC)
Hardware vs Software (PC)
michelangelo virus at Z-Soft (Paintbrush) (PC)
Re: michelangelo virus (PC)
McAfee VIRUSCAN at bootup (PC)
Latest NAV 1.5 Virus Definitions (PC)
VIRUS-L is a moderated, digested mail forum for discussing computer
virus issues; comp.virus is a non-digested Usenet counterpart.
Discussions are not limited to any one hardware/software platform -
diversity is welcomed. Contributions should be relevant, concise,
polite, etc. Please sign submissions with your real name. Send
contributions to
[email protected] (that's equivalent to
VIRUS-L at LEHIIBM1 for you BITNET folks). Information on accessing
anti-virus, documentation, and back-issue archives is distributed
periodically on the list. Administrative mail (comments, suggestions,
and so forth) should be sent to me at:
[email protected].
Ken van Wyk
----------------------------------------------------------------------
Date: 18 Oct 91 19:34:15 +0000
>From:
[email protected] (Sean Malloy)
Subject: Can you help me with this? (Apple ][)
Okay, a friend of mine sent me a copy of an article which claims to
have been posted to usenet (I assume it was to here). It dealt with
one of the earilest documentable computer viruses, written for the
Apple ][ in 1981-2, at Texas A&M. This friend of mine would very much
like to talk to the author of this article, but doesn't have Usenet
access.
If anyone remembers this article, or can provide me with an email address
of the author, I'd appreciate it.
First part of the article to follow... (I don't want to waste bandwidth
by posting the whole thing again).
- ----------------------------------------------------------------------------
$_Article
Sorry this article is rather long, but if you still have any old DOS
3.3 Apple ][ disks lying around please read it! (Feel free to read it
for general entertainment value too, of course, even if you don't
possess any such historical disks.)
I have been asked by Gene Spafford to write an article detailing
the life story of a Virus I wrote for Dos 3.3 on the Apple ][ in
December, 1981 for one of his journals. Spafford wants me to write the
story up because it's the earliest _documentable_ personal computer
virus he's heard of. I'm trying to get more information that I plan to
use to make that article more complete.
1) Why did I write a virus? Am I an evil scum?
At the time (remember, this was 1981) I was an undergraduate at
Texas A+M. There was an active community of Apple ][ users in my dorm
(Shuhmacher), with an _incredible_ amount of copying of pirated game
programs going on. I noted that most games were damaged in various
sorts of ways, but they were almost always still playable despite the
damage. (For example, there was one popular Star Trek game in BASIC
that had occasional garbage control characters in non-critical REM and
PRINT statements; space war games often had random junk replacing some
pictures of ships, etc.) I decided that I could explain this by
invoking a sort of "evolution".
[...]
- -------------------------------------------------------------------------
Thanks for your help
- -Sean
/*--------------------------------------------------------------------------*\
| Sean C. Malloy = ("
[email protected]" || "
[email protected]") |
\*--------------------------------------------------------------------------*/
You'll pay to know what you REALLY think.
------------------------------
Date: Wed, 23 Oct 91 22:48:03 +0300
>From:
[email protected] (Dmitry O. Gryaznov)
Subject: Re: New virus - advanced symptoms (PC)
[email protected] (Vesselin Bontchev) writes:
>
[email protected] (Shulman Ilya A.) writes:
>
>> No, I mean that it is very simple to identificate is virus present
>> when it is active :-)
>
>What symptoms did you have in mind exactly? This one is pretty
>stealthy...
Insert write protected diskette into drive A: and try to delete a file
from it - DOS won't report "Write protect" error.
>> Yep. Two times I found virus on the hard disk in the cluster 714 and
>> 2371 (I can't remember this numbers exactly but) which are the last
>> clusters on the 5" 1.2Mb and 3.5" 730Kb diskettes respectivly. I can't
>> explain why there were the last clusters but not the pre-last but it
>> was so. Also I know the other abnormal effects when virus infects disk
>> but didn't write itself to the last cluster. May be it is an error
>> too, but anti-virus developers _HAVE TO_ know this.
>
>Maybe this referes to the COMPAQ DOS 3.31 situation that was described
>by Dimitri Gryaznov?
The situation described by me refers only to hard disk partitions
larger than 32Mb. I've also observed two strange situations with
floppies. In first case on a 5.25" 720Kb (formatted using software
similar to 800.COM) floppy all executable files were cross-linked to
the proper clusters (two-clusters chain, the last being marked as
0FFEH) but those did *NOT* contain the virus. In second case a normal
360Kb floppy was infected properly but it wasn't possible to restore
affected files since their real start clusters (being decrypted) were
also cross-linked to the cluster appropriate for 720Kb floppy.
- --
Sincerely,
Dmitry O. Gryaznov | PSI AS USSR
[email protected] or
[email protected] | Pereslavl-Zalessky
Phones: office: (08535)-2-0715 home:(08535)-2-1465| 152140 USSR
------------------------------
Date: Wed, 23 Oct 91 23:49:36 +0300
>From:
[email protected] (Dmitry O. Gryaznov)
Subject: Re: DIR II Removal Information (PC)
[email protected] (Vesselin Bontchev) writes:
>
[email protected] (Dmitry O. Gryaznov) writes:
>
>> First of all - a disinfection must be made only when there is no the
>> virus in RAM.
>
>...or when it is not active. For instance, my disinfector is able to
>find it in RAM and to deactivate it.
MY disinfectant does the same... But did you ever try to disinfect
files after deactivating the virus in RAM without rebooting? The DOS
will report an error when infected files on a hard disk will be
accessed. The reason is that DOS continues to use an in-memory copy
of BPB (or DPB following your terminology) modified by the virus. This
BPB reports several blocks less than the actual size of a disk is.
Hence, the last cluster (to where all infected files are cross-linked)
will seem to be (partially) beyond the disk space. Since a hard disk
is non-changable media, DOS normally asks driver to build the BPB only
once and then uses this BPB parameters. To force DOS to rebuild BPB
you are to use the same trick the virus does - find an appropriate DOS
Device Control Block and mark it as never been accessed.
>> *REALLY* contains the virus - you could get an infected file by
>> copying it on a not infected PC. In the latter case a disk most likely
>> is not infected and a file contains just the virus body, its directory
>> entry being quiet normal.
>
>Yeah, that's what I mean... My disinfector does not delete such files.
>Maybe it should?
Definitely *YES*! Such a file is just the virus itself - safe and
sound! Being executed the virus will go resident and start its dirty
work. When the file will be reexecuted by the virus the virus again
will be loaded since the disk is not (or rather WAS not) actually
infected. This will cause the second copy of the virus to terminate
(do you remember INT 20H in the virus?). So a user will see that the
program just terminated. But the virus will already be active and
working and replicating...
- --
Sincerely,
Dmitry O. Gryaznov | PSI AS USSR
[email protected] or
[email protected] | Pereslavl-Zalessky
Phones: office: (08535)-2-0715 home:(08535)-2-1465| 152140 USSR
------------------------------
Date: Wed, 23 Oct 91 23:27:50 +0300
>From:
[email protected] (Dmitry O. Gryaznov)
Subject: Re: DIR II virus and DOS 3.31 (PC)
[email protected] (Vesselin Bontchev) writes:
>
[email protected] (Dmitry O. Gryaznov) writes:
>
>> BUT COMPAQ DOS 3.31 USES DIFFERENT REQUEST HEADER LAYOUT! This leads
>> to the virus body being written to sectors 65535-65536 (FFFFH-10000H)
>> instead of the last cluster. If any file occupies these sectors -
>> ...
>
> Hmm, I didn't notice that... Well, my disinfector will not corrupt
Well, I'll give more details. DOS 4.0+ disk driver uses the following
request layout:
Offset Size Contents
- --------------------------
+0 1 length of the request packet
+1 1 unit number
+2 1 command code
+3 2 Device Status Word
+5 8 reserved
+0DH 1 media descriptor byte
+0EH 4 DWORD address of a data transfer buffer
+12H 2 sector count
+14H 2 starting sector number
+16H 4 DWORD address of ASCIIZ string of Volume ID
+1AH 4 DWORD starting sector number (if starting sector
number at offs. +14H equals to 0FFFFH)
DOS 3.31 driver's request layout:
Offset Size Contents
- --------------------------
<The previous fields are the same>
...
+14H 2 starting sector number
+16H 2 starting sector number highword (if length of the
reguest packet - offs. +0 - equals to 18H)
So, DOS 4.0+ driver distinguishes between short and long sector number
by using the special value 0FFFFH for the sector number at offset +14H
while DOS 3.31 driver distinguishes them by the length of a request.
They also use different locations for the DWORD sector number. The
DIR-II virus uses request header layout for DOS 4.0+. If long sector
numbers are used DOS 3.31 driver will interpret such a request as
being regarded to sector 0FFFFH (offs. +14H).
>information in this case, but it will report that a mutation of the
>virus has been found. It is not very clear how this situation could be
I don't know the method your disinfectant uses to detect the DIR II
virus but I doubt it'll report an infection in the case. The affected
(not really *INFECTED*) files are cross-linked to the cluster which
DOES NOT contain the virus body. Or does you disinfectant rely just
on (F)FFEH mark?
>handled - since when the disinfector is run, it is not safe to assume
>that the DOS version active in memory is the same that was used to
>access the infected disk...
Rather simple - read sectors 0FFFFH-10000H and check whether they
contain the virus body or not. If yes - compare the cluster number
from the virus body with this from the directory entry, etc.
- --
Sincerely,
Dmitry O. Gryaznov | PSI AS USSR
[email protected] or
[email protected] | Pereslavl-Zalessky
Phones: office: (08535)-2-0715 home:(08535)-2-1465| 152140 USSR
------------------------------
Date: Thu, 24 Oct 91 05:23:12 +0000
>From:
[email protected] (McAfee Associates)
Subject: Re: Pakistani/Ashar (PC)
[email protected] (Mario Guerra) writes:
>One machine in my university (a PS/30 with a Seagate 30 MB. disk) was
>infected with the Pakistani Brain/Ashar virus (according to Viruscan 84).
>If I run Viruscan from a clean disk it does not detect the virus, but if
>I boot from the hard disk, the same program says it is in memory.
[rest of message deleted]
Hello Mr. Guerra,
By any chance are you running the VDEFEND.SYS device driver from
Central Point Software that comes with PC Tools 7.1 or Central Point
Anti Virus? If so, the report of the Brain/Ashar in memory could be a
result of having this program in memory, which contains a search
string for the virus which overlaps/matches ours so that VIRUSCAN
reports the viruses' presence in memory. This will occur with
anti-viral programs that do not encrypt (cipher) their search strings
in memory and match up against another anti-viral program's search
strings.
Regards,
Aryeh Goretsky
McAfee Associates Technical Support
- --
- - - -
McAfee Associates | Voice (408) 988-3832 |
[email protected] (business)
4423 Cheeney Street | FAX (408) 970-9727 |
[email protected](personal)
Santa Clara, California | BBS (408) 988-4004 |
95054-0253 USA | v.32 (408) 988-5190 | CompuServe ID: 76702,1714
ViruScan/CleanUp/VShield | HST (408) 988-5138 | or GO VIRUSFORUM
------------------------------
Date: Thu, 24 Oct 91 08:48:28 +0000
>From:
[email protected] (Alexis Rosen)
Subject: Re: Virus on Mac (Mac)
[email protected] (Dave Martin) writes:
>I have always wondered something about nVIR, though, [...] I booted from a
>clean, locked System floppy and used ResEdit to clean out the nVIR
>resources and correct the CODE resources. I copied rather than cut or
>cleared the nVIR resources so I could move them to a separate disk to
>examine them later. Immediately an alert popped up saying that it
>couldn't write to the System file (disk locked). It seems that simply
>by copying the nVIR resources was enough to activate it. [...]
Not quite. What happened was that when you tried to copy, ResEdit
tried to make a scrap file in which it would stash the resources you
were fiddling with. Guess where ResEdit wanted to put the scrap? On
your locked System floppy...
nVIR and all its variants are only activated on program launch.
- ---
Alexis Rosen
Owner/Sysadmin, PANIX Public Access Unix, NYC
[email protected]
{cmcl2,apple}!panix!alexis
------------------------------
Date: Thu, 24 Oct 91 12:35:38 +0000
>From:
[email protected] (Vlod Kalicun)
Subject: Re: What is CoolCapture? (Amiga)
[email protected] (Brett L. Kessler) writes:
|> For example, I have heard of CoolCapture, WarmCapture, ColdCapture,
|> and one or two other common entry points for viri (RomTagPtr?
|> KickTagPtr? I can't remember...). What do all of these places do
|> that make them so attractive to virus-writers?
Some programs can survive a warm reboot (<ctrl><amiga><amiga>) by
linking to the vectors that you meantion. The cool/warm/cold captures
get processed when you do a cold reboot and so virus programs like to
live there. i.e. When you reboot the virus is already in memory
waiting to chomp your disks.
KickTagPtr is something to do with making programs resident( Im not to sure
about this) which virus's like to do as well.
Most virus checkers check these vectors out (warm/cold/cool) and they should
be zero.
Although nowadays theres quite a few utilities that link to these vectors,
eg RAD drives etc..
Hope thats useful...
Vlod kalicun.
[email protected]
------------------------------
Date: Thu, 24 Oct 91 14:51:32 +0000
>From:
[email protected] (Kevin Germann)
Subject: Possible new virus (PC)
We suspect that we have a virus that destroys the hard drive on our
PCs. We have had four occurrances of a very similar problem. Three
times while doing an XCOPY /s from a network drive to the C: drive,
the xcopy has failed, followed by completely losing the contents of
the drive. On trying to reboot the system, we get the message "No
fixed disk". The disk is unusable afterwards. This happened on three
different Panasonic FX-1925S machines after installing an ATI Graphics
Ultra card. We believe that the card is not the problem, because we
have installed it successfully on five other identical machines. We
have experienced exactly the same problem while installing Windows 3.0
on a IBM PS/2 model 50. There was no ATI graphics card in this
machine.
Any help with this problem would be appreciated.
Kevin Germann
[email protected]
------------------------------
Date: Thu, 24 Oct 91 18:54:37 +0700
>From: Cezar Cichocki <
[email protected]>
Subject: Re: Problems with formatting (PC)
Hi Fred!
Try use the Norton`s SafeFormat programm. In Norton Utility 5.0 it is
very nice to use.
Best wishes,
Cezar
============================================
THE BEST PREVENTION IS NOT TO BUY COMPUTER !
============================================
Cezar Cichocki
Warsaw Uniwersity
Dep. of Psychology
Virus Buster (it is translated from Polish)
------------------------------
Date: Thu, 24 Oct 91 09:08:52 -0400
>From: padgett%
[email protected] (A. Padgett Peterson)
Subject: DOS 5.0 ANSI (PC)
Does anyone know why the key-redirection (<esc>[xx;xxp) portion of
older ANSI drivers written for 3.3 and before do not work under DOS
5.0 ? (might also not work with 4.x - haven't tested this) - when
upgrading, was forced into using the limited ANSI.SYS that came with
the DOS distribution.
Note: the DOS 5.0 ANSI.SYS currently in use is 9029 bytes long & dated
3-22-91. In this version, protection from ANSI trojans can be had by
simply changing the byte containing 70h (p) at offset 61h from the
start to some other ASCII letter that is not already assigned to an
ANSI command. In this manner, you will still be able to use
key-redirection (I use alt-letter to switch drives), just anything
trying to do this using <esc>[xx;xxp (e.g. something you did not ask
for) will not work.
However, I really would like to go back to using my extended
redirection set so if anyone knows why older versions do not work, the
information would be appreciated.
Warmly (just back from Toronto),
Padgett
------------------------------
Date: Thu, 24 Oct 91 13:59:13 -0400
>From: padgett%
[email protected] (A. Padgett Peterson)
Subject: Hardware vs Software (PC)
Wrote I:
> Major disagreement. It is easier to protect a single platform
> with a "mission-adaptive" approach loaded first than it is to
> subvert one.
>From:
[email protected] (Fred Waller)
> I hope the disagreement is not with the *facts* as stated in my
> message: "There are more defense variations than ever. There are
> also more viruses than ever. They infect more machines than ever."
> Those facts are a little difficult to disagree with.
O.K: have to make two points here. First, the quoted statement had
nothing to do with virus spread. What I was taking exception to was
the statement that any software defense can be breached by software.
This is a case of "true in theory but impractical in practise":
the effort required to breach a software defense is greater than that
required to erect it. This comes about because the defender has the
advantage of being on home ground & has a "world view" of the system.
The attacker on the other hand is faced with a two-dimentional
viewpoint and must peel away a layered defense like an onion: each
layer may reveal a new defense structure - a very hard task to
automate since the attack being via software means that the attacker
must anticipate ALL possible strategies while the defender needs only
one (hopefully unknown).
Consider that mainframes all use software defenses yet direct attacks
that do not exploit "holes" rarely suceed. Consider also that the
B2 (orange book) certification necessary for compartmented information
is possible with software.
> The incidence of infection may be dependent on protection (if the
> protection is effective, a big "IF"), but it has nothing to do with
> the creation of hundreds and hundreds of new viruses whose main
> effect seems to be the eager encouragement of frequent updates of
> the virus scanners.
This is the second point: ("...has nothing to do..."). The statement
that "virus defenses result from virus attacks" is true however the
reverse is not. Only a small portion of the viruses seen are directed
attacks on defenses, most are simple adaptaions of things that appear
to work. Just to toss out a bit of controversy, IMHO the first
"steath" virus, the Pakistani BRAIN was not designed with "stealth" in
mind, rather the virus would not have worked otherwise.
Fred again
>( If that's the only kind of hardware solution one can envision,
>then it must indeed seem so ). It may be `possible', or it may be
>`impossible', but the software methods we've seen so far haven't
>been good enough.
I said that all that hardware (actually the BIOS had to do was to be
able to select the boot drive. This was not the only kind envisioned,
just the minimum that would be "enough" and be non-intrusive.
Fred:
>... if the software antiviruses haven't suceeded in defeating or
>even stalling viruses by now, then it might be time to try something
>different. Stronger medicine? Stronger medicine.
> Searching for stronger medicine, the idea occurred that hardware
> means of protection had never been breached by any virus - and
> never could be.
True: the BIOS has never been breached but at *some* point you must
begin using software and THIS is where attacks will start. Further, if
things become too difficult for the user or if favored applications
cease to work, the solution will be abandoned.
Fred:
> Yes, if your aim is to install a new BIOS, then you might reasonably
> expect to have to install a new BIOS <g>. I wonder why one would want
> to do such a thing, though... But darn it, let's put things in
> proper perspective: how much does it cost to buy a software
> antivirus package? This much:
(long list of prices deleted)
> (From the listings in PC Mag latest issue
First - while I read the article, my feeling was that most of the
packages tested would in fact have stopped the so-called "totally
hidden virus" *once an infected file was executed*. e.g. SCAN /av if
VSHIELD's switch to test was used or Enigma-Logic's Virus-Safe. In
fact they must have disabled some things for that kind of virus (a
DATACRIME clone) to work at all.
> Anyway, that comes to an average price of $90 per package
Full list quantity 1 ! How many people pay that ? There are many good
shareware and freeware products out there and still people do not
bother to use them even though the effective cost is $0 if the user
does not care to register it.
> Software usually needs to be upgraded, and the true cost over time can become
> very high! Compare that with the quoted one-time price of $70
> per machine and it will become apparent that hardware protection
> (defined by Padgett as "changing the BIOS") may indeed seem rather
> inexpensive.
True, the key is "may". For the single user, the essential cost is
that of a phone call. For a LAN, once loaded on the server and set for
automatic validation/update on login, we are back to (effectively)
zero cost again. (why I have been pushing so hard for LAN
checking/updating).
However, at this point I am not considering cost - we are still in a
very dynamic period. What we aree looking for now are different
options that work. Only when you have equal options does cost enter
the equation. We are not there yet (but getting closer).
However, I propose that BIOS boot selection/validation (and password
if desired) @ zero cost if the proper manufacturer is selected is all
that is needed from HARDWARE, SOFTWARE can provide provide everything
else necessary including protection of integrity from malicious
software as well as mistakes and, in the long run, will be a lower
cost option than anything involving more hardware.
What do you propose ?
Padgett
------------------------------
Date: Thu, 24 Oct 91 13:30:53 -0600
>From: "Don't quote me...You might get it right!" <
[email protected]>
Subject: michelangelo virus at Z-Soft (Paintbrush) (PC)
Last week, a local newspaper reporter came in to the office to ask me
a few questions about the Michelangelo virus, which had apparently
been detected by a local computer store (17 cases!). I started doing
some digging on my own, and found out that the virus was apparently on
a commercial "8-in-1" type program (I don't know the name yet, but
when I do...). A few minutes ago, another user came into the office
with the same virus on his disk, but he told me that he got the virus
"straigt from Z-Soft". He reported some problems with PC Paintbrush,
and they sent him (an obviously used) a disk with a few update files
on it (and the virus ;-) Just lettin' y'all know.
On another note, I now have firsthand experience and knowledge
of why computer virus articles in newspapers get so screwed up :) I
even told this reporter how upset I (and the anti-virus "community")
get with articles written by non-literates and she offered (and did!)
let me review the article before it went to press. But what ended up
in the paper was the original (uncorrected) version. Most of the
mistakes were "picky" to the non-literate, but to the literate are
essential. For example:
"Shareware is software in the public domain...which can be used
for a certain period of time without paying for it".
"NEVER boot a hard drive computer from a floppy disk".
and my favorite :)
"BBS' often spread viruses".
I wrote a letter to the editor correcting these mistakes, but to date
it has not been published. So there's probably some poor kid out
there with a game which requires him to boot from floppy, but some
unknown "local virus expert" says "Don't". I have yet to login to any
of the BBS' for fear of the flames :) (what I said was "Viruses are
often spread via a BBS', but very few BBS' spread viruses and it's
just as possible to get a virus from a commercial program".)
Sorry for the tirade,
John-David Childs
Consultant, University of Montana
[email protected]
------------------------------
Date: Thu, 24 Oct 91 16:44:00 -0600
>From: "Doran L. Barton / Fozziliny G. Moo" <
[email protected]>
Subject: Re: michelangelo virus (PC)
EENG6719%
[email protected] (Anthony Di Nardo) writes:
> Recently my friend's system was infectedwith the Michelangelo virus.
> Does any one have any information on it, or know where I could obtain
> some. SCANV82 identifies it, but in the included virlist.txt it is
> not metioned at all.
I seem to remember that V80 had [Mich] listed on VIRLIST.TXT. I know
that V84 does.
-Fozz
- --
^*&^#*&^$%^*@#&^%$^&*@&#^$%@!*&^%@#$&^%#$&^~!^%*&!^@%#*&^%$%@^#*&^%@!$%#@^*&^%@$
____ Doran L. Barton -- Fozziliny G. Moo EE-CEE Lab Consultant
|_ __ ___ ___ The OMNI-Consultant CS Lab Instructor
| |__| /_ /_
[email protected] USU FTP File Manager
Uses DOS, VMS, & UNIX
"There is no gravity. . . The Earth just sucks!" -XLC in IS2
------------------------------
Date: 24 Oct 91 23:02:11 +0000
>From:
[email protected] (Brian Cooper)
Subject: McAfee VIRUSCAN at bootup (PC)
I would like to have my PC run McAfee's SCAN whenever I turn on my
computer. Is there any problem with doing this??? For example,
suppose a virus entered my system and immediately altered SCAN so that
it would not detect the virus. Is this possible? Does scan check
itself before SCANning the rest of the disk?
Any comments would be appreciated. Thanks in advance.
Brian Cooper
- --
Brian Cooper
Georgia Institute of Technology, Atlanta Georgia, 30332
uucp: ...!{decvax,hplabs,ncar,purdue,rutgers}!gatech!prism!psgrbbc
Internet:
[email protected]
------------------------------
Date: Fri, 25 Oct 91 01:48:26 +0000
>From:
[email protected] (n. michelis)
Subject: Latest NAV 1.5 Virus Definitions (PC)
Can someone please tell me what the latest NAV 1.5 virus definitions are.
The latest ones SYMANTEC AUSTRALIA has on their BBS is 15all04.def
dated the 27th September 1991. I have found that they are always 3-4
weeks behind SYMANTEC in the USA.
This information will be appreciated. Also if there is a new file
definition can somone please mail it do me.
Nick Michelis
Monash University
Melbourne, Australia
------------------------------
End of VIRUS-L Digest [Volume 4 Issue 200]
******************************************
Downloaded From P-80 International Information Systems 304-744-2253
