Return-Path: <virus-l@lehigh.edu>

Return-Path: <[email protected]>
Received: from csmes.ncsl.nist.gov (MACBETH.NCSL.NIST.GOV) by csrc.ncsl.nist.gov (4.1/NIST)
id AA04611; Sat, 1 Aug 92 03:10:46 EDT
Posted-Date: Fri, 31 Jul 1992 12:08:45 -0400
Received-Date: Sat, 1 Aug 92 03:10:46 EDT
Errors-To: [email protected]
Received: from hooch.CC.Lehigh.EDU by csmes.ncsl.nist.gov (4.1/NIST(rbj/dougm))
id AA14425; Sat, 1 Aug 92 03:06:04 EDT
Received: from (localhost) by hooch.CC.Lehigh.EDU with SMTP id AA06363
(5.65c/IDA-1.4.4); Fri, 31 Jul 1992 12:08:45 -0400
Date: Fri, 31 Jul 1992 12:08:45 -0400
Message-Id: <[email protected]>
Comment: Virus Discussion List
Originator: [email protected]
Errors-To: [email protected]
Reply-To: <[email protected]>
Sender: [email protected]
Version: 5.5 -- Copyright (c) 1991/92, Anastasios Kotsikonas
From: Kenneth R. van Wyk <[email protected]>
To: Multiple recipients of list <[email protected]>
Subject: VIRUS-L Digest V5 #134
Status: RO
VIRUS-L Digest Thursday, 30 Jul 1992 Volume 5 : Issue 134

Today's Topics:

RE: write protect on C: (PC)
Re: Virus Creation Laboratory (PC)
Re: GIF viewer crashes system (PC)
Re: victor charlie (PC)
Re: WARNING - Virus Creation Laboratory (PC)
Help with Central Point Anitvirus and FPROT (PC)
Frodo False Alarm (PC)
Re: GIF viewer crashes system (was Re: an amazing problem) (PC)
Re: Strange Identification with SCAN91 (PC)
Re: Virus Question re printer, floppy problems (PC)
re: virus hiding printer (PC)
Re: Common misconception (was: Re: VET as good as SCAN) (PC)
Re: How do I reverse the effect(s) of Stoned ? (PC)
Re: Bugsres-2 (PC)
Disinfectant 2.9 problems (Mac)
re: Disinfectant 2.9 problems (Mac)
Re: Virus BBS List?
Re: Virus BBS List?
New files on risc.ua.edu (PC)

VIRUS-L is a moderated, digested mail forum for discussing computer
virus issues; comp.virus is a non-digested Usenet counterpart.
Discussions are not limited to any one hardware/software platform -
diversity is welcomed. Contributions should be relevant, concise,
polite, etc. (The complete set of posting guidelines is available by
FTP on cert.sei.cmu.edu or upon request.) Please sign submissions with
your real name. Send contributions to [email protected].
Information on accessing anti-virus, documentation, and back-issue
archives is distributed periodically on the list. A FAQ (Frequently
Asked Questions) document and all of the back-issues are available by
anonymous FTP on cert.org (192.88.209.5). Administrative mail
(comments, suggestions, and so forth) should be sent to me at:
<[email protected]>.

Ken van Wyk

----------------------------------------------------------------------

Date: Tue, 28 Jul 92 11:04:51 -0400
>From: [email protected] (Steven W. Smith)
Subject: RE: write protect on C: (PC)

>Date: Thu, 23 Jul 92 05:09:01 +0000
>From: [email protected] (Glenn Forbes Larratt)
>Subject: GIF viewer crashes system (was Re: an amazing problem...) (PC)
>
>[email protected] (Shay B. Berthelson) writes:
>>[email protected] (TEMP_7) writes:
>>
>>>i am in desperate need of help.
>>
>>>yesterday i downloaded a piece of software called NakedEye -- a p.d. gif
>>>viewer -- when i tried to run it, the screen blanked and the system crashed,
>>>but when i rebooted i got an error "drive c write protected" -- i am using
>>>dos 5.0 and as far as i know (and as far as my manual says) you cannot write
>>>protect a drive. although i am also running stacker and 4dos. 4dos does not
<DOT>
<DOT>
>>Do you have a virus scan program??? Really sounds to me like you got infected.
>>Better get a scan/clean prog. and clean it up. Most stuff can be fixed and
>>saved if it hasn't destroyed everything.
>
>I agree that this sounds like malicious code at work, since t7's
>assumption is correct that write-protecting a hard drive is not a part
>of standard MS-DOS or (I think) 4DOS or Stacker. This is especially
>likely if you down- loaded from a BBS or from an INCOMING directory of
>an ftp site.

I've experienced the same thing using DR DOS 6.0 with disk
compression. It was not virus-related in any way. It's very likely
that CHKDSK/F will put everything back in order. I think that it's a
nice feature to add the write protect if you subtly munge your disk,
but it would be nice to clue the user in about using CHKDSK/F to clean
up.
Hope you haven't formatted your HD yet or anything :-)
_,_/|
\o.O; Steven W. Smith, Programmer/Analyst
------------------------------

Date: Tue, 28 Jul 92 13:33:30 -0400
>From: Lynn R Grant <[email protected]>
Subject: Re: Virus Creation Laboratory (PC)

>It is interesting to note that Nowhere Man has the gaul to expressly
>forbid any disassembly of his code, or the use of any binary strings
>produced by his program for the purposes of scanning for viruses
>created by the package. Yah, right, Nowhere Man. Go ahead, sue me.

I wonder if he could. I don't believe making a Virus creation
laboratory is illegal (correct me if I'm wrong), though using it
probably is. In that case, he ought to be able to forbid disassembly
of his code the same way IBM does with their licensed code. It might
be interesting to watch the court cases where people have tried to
hold gun manufacturers liable for murders committed with their
products. (To avoid excessive flames and digressions, I won't say
which side I'm on in that issue.)

What would be really interesting is if he waited until a virus created
with his laboratory infected your machine, then sued you for using his
licensed code (the code in the virus) on your machine without a
license. (Sort of like the kids in my old neighborhood, who would
shovel your sidewalks in the winter without being asked, then knock on
the door and expect you to give them a bunch of money for doing it.)

Lynn Grant

------------------------------

Date: Tue, 28 Jul 92 17:42:33 +0000
>From: [email protected] (Stephen Sempson)
Subject: Re: GIF viewer crashes system (PC)

>[email protected] (TEMP_7) writes:
>
>>i am in desperate need of help. ...

There are a number of possibilities. I found out that 'STACKER' does
have some drivers in memory to control reading and writing to the
disk. (Obviously, check out the 'Config.sys').

The trick here is that you must edit your config.sys file to stop the
'/Swap' option. Rem the whole line out. Also take off the check disk
integrity option.

Reboot from here. The next step is to use 'scheck' which will flag you
if a problem is found to use NDD or 'chkdsk /f' to correct the
problems. At this point you must 'Unmount' the stacked disk. Then
take off all of the file attributes to this file. It is probably
Stackdsk.vol (Dosshell will even do this). Now you must remount the
'Stacked Disk'.

>From here you will now have the write access to the Stack Volume Disk.
Use 'Chkdsk /f' or 'NDD d: /complete'.

Finally set your config.sys to its original setup and reboot.

The long and the short... It ends up being a file allocation and lost
clusters found scenario, which is compounded by the fact that you need
to have 'Stacker' up and running, but limited from it's usual boot-up
configuration.

Hope this is useful if no virus is found...

---===---===---===---===---===---===---===---===---===---===---===---===---===
=========)_____._____ From: Stephen Sempson
\ / / - <[email protected]>
====={ University of Waterloo, Canada
===---===---===---===---===---===---===---===---===---===---===---===---===---

------------------------------

Date: Tue, 28 Jul 92 15:55:09 -0400
>From: "William Walker C60223 x4570" <[email protected]>
Subject: Re: victor charlie (PC)

>From: [email protected] (Miriam E Brown)
> Has anyone ever used Victor Charlie and have any opinions?

Victor Charlie (VC) is the anti-virus package produced by Bangkok
Security Associates (BSA) of Thailand. While I have not used it, I
understand that it is fairly good. HOWEVER, BSA has been dabbling in
some activities that many anti-virus researchers call unethical, and I
personally recommend NOT using VC as a form of protest against this
behavior (notice: this is my opinion).

At the International Virus Prevention Conference (IVPC '92) in
Washington, D.C. last month, John DeHaven, director and chief
programmer of BSA, made a presentation on "The Virus Factory." Not
the Bulgarian virus factory, which was what I expected, but a software
package developed by BSA to generate programs which are encrypted and
50% of which drop a slightly modified version of Jerusalem-B. No
existing scanner can detect the virus in these files, which was their
point. The package was developed as part of an experiment to
demonstrate that passive inspection (scanning) is inadequate.

If BSA had left it at that, it would have been fine. However, BSA
decided to distribute sets of these generated programs. Even though
they had set up an elaborate security system for sending the programs
to a researcher, the programs should not have been distributed at all.
A random 50% of the programs contain a LIVE (not neutralized)
Jerusalem-B virus, and none of them are detectable by existing
anti-virus software (once dropped, though, the Jerusalem-B virus IS
detectable). BSA had set up the elaborate distribution system to
control and track distribution of these programs, but during the
presentation, Dr. Alan Solomon stated that he had received a set from
outside of this "secure" distribution channel. I hope that Dr.
Solomon responds to this message and gives more details on the
incident as well as his opinion on the matter.

I'll agree that these particular programs are not much of a threat.
They're supposed to be stamped with the name and address of the
intended recipient, and the virus has "a one-byte alteration to
eliminate the 'bombs'...," though it can still spread. However, I
still feel that it is unethical to distribute live viri in this
manner, particularly since they are not detectable in this form. Of
course, this is just my opinion. I hope others share their opinions
as well.

> We are thinking of using it opposed to McAfee's Scan and Clean.

Have you considered Frisk's F-PROT, Dr. Solomon's Anti-Virus Toolkit,
IBM's VirScan, or Fifth Generation's Untouchable -- or some
combination? You really should use more than one anti-virus product,
and these aren't bad. Whatever you use, be sure that they are easy to
keep up-to-date.

The preceding comments reflect my opinions, and not those of my
employer or the Air Force. Any errors are also mine, and are likely
to be pointed out as such. :-)

Bill Walker ( [email protected] ) |
OAO Corporation | "... but as we say on Earth,
Arnold Engineering Development Center | c'est la vie."
M.S. 120 | -- James T. Kirk
Arnold Air Force Base, TN 37389-9998 |

------------------------------

Date: 28 Jul 92 21:48:18 +0000
>From: [email protected] (Johnathan Vail)
Subject: Re: WARNING - Virus Creation Laboratory (PC)

[email protected] (Neal Miller) writes:

Oh for crying out loud... Just what we need... A
Virus-Construction Kit for beginners... I hope that McAfee gets their
hands on this package ASAP, if not sooner. Here's an idea... Could
someone conceivably write a virus that will seek out and destroy such
a V.C.L. based on unique strings within the program? Just an idea...

The short answer is yes.

However, I hope this was a sarcastic comment. People have expounded
many times on why a benevolent virus is not a good thing. For both
technical and moral reasons.

jv

"Good doesn't live and theres no evil here,
only this great power we misunderstand" -- Dinosaur jr.
_____
| | Johnathan Vail [email protected] (508) 663-7435
|Tegra| [email protected] [email protected](WorldNet)
----- MEMBER: League for Programming Freedom ([email protected])

------------------------------

Date: Tue, 28 Jul 92 19:08:19 -0400
>From: Steve Clancy <[email protected]>
Subject: Help with Central Point Anitvirus and FPROT (PC)

The following was passed along to me by a user of our local BBS. I
would appreciate any suggestions addressing his particular problem.

- -- Steve Clancy

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
% Steve Clancy, M.L.S. % Wellspring RBBS %
% Biomedical Library % 714-856-7996 300-2400 24hrs %
% University of California % 714-856-5087 300-9600 24hrs %
% P.O. Box 19556 % [email protected] %
% Irvine, CA 92713 U.S.A. % [email protected] %
%.....................................................................%
% "As long as I'm alive, I figure I'm making a profit" %
% - John Leas, 1973. %
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

I have DOS 3.3, a 286 10 MHz with 896K extended memory.
I have Norton Utilities 6.0
Antiviral software that I have: Central Point Antivirus (CPAV) and
FPROT.

Part of CPAV is a program called VSAFE. This checks the programs you
try to execute for viruses. There are also options that will have it
alert the user if something is trying to become resident in memory,
access a disk, format a disk, alter a file, etc.

Lately, whenever I have the General Write Protect option on (when this
is on, VSAFE will sound an alarm if anything is trying to write to a
disk) and then I try running a program, VSAFE commplains that something
is trying to write to the current disk. I don't know if it's trying to
write to a sector, or if it's using regular file functions.

When using FPROT on Heuristics, it complained that Norton Utilities was
compressed by OPTILINK, and was skipping it. Those Norton Utilities
program that weren't packed were checked. FPROT said that these
programs used certain techniques to move around in memory that viruses
usually use. I don't know if that's important or not, but I'll mention
it just to be safe...

When FPROT (on Heuristics scan) scanned WHERE.COM and DDIR.COM, it said
that there was a virus that remained resident in them. When I tried
running them (before they were scanned with FPROT) with VSAFE on, there
was no mention that anything was trying to become resident. (Yes, I did
have VSAFE set to alarm me if something DID try to become resident!)

Anyway, that's really all there is, except that I have WHERE.COM and
DDIR.COM in an archive (.LZH) file.

P.S., I just remembered!
Central Point Antivirus' scanner (the thing that checks the program
files and actually removes viruses) has sometimes been complaining that
some program files are SHRINKING. One of them was CSHOW.EXE (a graphics
viewer).

------------------------------

Date: Wed, 29 Jul 92 00:00:11 +0000
>From: [email protected] (Jim Baltaxe)
Subject: Frodo False Alarm (PC)

I just came across an interesting false positive reported by Virusafe
v. 4.5, from XTree software running on a Toshiba laptop (386SX) under
DOS 5.0 and an access control manager called Ironclad v. 2.0 from
Silver Oak Systems.

Virusafe reported the Frodo (4096) virus in memory but no infected
files. F-Prot 204a did not report anything either in memory or on
disk. Attempting to reboot from a known clean system disk failed
because the ACM was active.

Eventually we got an emergency boot disk for Ironclad which disabled
the ACM. Then when we rebooted and rescanned with both Virusafe and
F-Prot the system reported clean. EXE & COM files reported the same
lengths with & without the "infected" system running.

Unfortunately I am not very familiar with Ironclad so I cannot say
exactly what it did (presumably packed/encrypted the disk?). Ironclad
appears to be based on a hidden device driver which is unlikely to
have been effected by the virus.

Anybody come across this as well?
- --
Jim Baltaxe - [email protected]
Computing Services Centre - Victoria University of Wellington - New Zealand
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Time is such a valuable commodity because they're not making it any more.

------------------------------

Date: Wed, 29 Jul 92 06:44:14 +0000
>From: [email protected] (Teik Tan)
Subject: Re: GIF viewer crashes system (was Re: an amazing problem...) (PC)

>>>yesterday i downloaded a piece of software called NakedEye -- a p.d. gif
>>>viewer -- when i tried to run it, the screen blanked and the system crashed,

>>>but when i rebooted i got an error "drive c write protected" -- i am using
>>>dos 5.0 and as far as i know (and as far as my manual says) you cannot write

>>>protect a drive. although i am also running stacker and 4dos. 4dos does not
>>>have a write protect command. does stacker? how did this happen? i am having

>>>a hell of a time running applications now because of this persistant error.
>>>any help would be greatly appreciated....
>>
>>Do you have a virus scan program??? Really sounds to me like you got infected.
>>Better get a scan/clean prog. and clean it up. Most stuff can be fixed and
>>saved if it hasn't destroyed everything.

I have come across such a problem. At the beginning I thought it must
be a virus. But further thought leads me to think that there is no
way that a hard disk could be write-protected, unless someone
physically rewire the hard disk.

Now, here is what I did:

1. Boot from a clean floppy disk (do not run stacker).
2. Change drive to the original hard disk where stacker is located.
(ie: change to drive where STACKVOL.DSK is located)
3. Use DOS ATTRIB to clear the read-only attrib of STACKVOL.DSK
4. Cold boot (or reset) your system and try to start the stacker drive.

If you follow the procedure above, your system should run properly.
If it still doesn't run, then maybe it is a problem other than I have
encountered. If it does run, then it is most probably due to the
stacker drive problem. Normally, stacker alone gives no problem. But
if it is run together with some caching program (like NCACHE, as was
in my case), the problem would arise since both NCACHE and STACKER
would try to write at the same time, thus "confusing" the computer. I
don't know much about 4DOS, but I suspect more or less the same thing
happen to your system.

Hope this helps.

Teik Leong Tan
[email protected]
(Normal Disclaimer)

------------------------------

Date: 29 Jul 92 08:11:42 +0000
>From: [email protected] (Fridrik Skulason)
Subject: Re: Strange Identification with SCAN91 (PC)

[email protected] (Lt Sajid Rahim) writes:

>I find it very strange to see that SCAN identifies Saturday the
>14th virus as Armagedom. Having disassemble the code for both
>viruses, I find no particular relationship between the two.

True - there is no relationship whatsoever. There are even some
fundamental differences, such as that Armageddon adds its code in
front of the files it infects, but Sat. 14th appends the code.

However, the viruses may nevertheless have a code piece in common,
which makes it possible to reduce the total number of search strings
by one. After all, most users may not care which virus they have,
only if they have a virus or not - a job which SCAN performs very
well.

- -frisk

------------------------------

Date: 29 Jul 92 08:13:22 +0000
>From: [email protected] (Fridrik Skulason)
Subject: Re: Virus Question re printer, floppy problems (PC)

[email protected] writes:

>Is there any virus that can cause an IBM-compatible to be blind to the
>printer (it thinks that an online printer is offline) and to the
>changing of floppies (showing previous floppy contents after replacing
>a floppy with another with different contents).

Yes. Azusa.

- -frisk

------------------------------

Date: Wed, 29 Jul 92 08:25:18 -0700
>From: [email protected] ()
Subject: re: virus hiding printer (PC)

Thanks for the responses to my question a few days ago regarding a
virus capable of altering some data bits to hide the printer and the
changing of floppies to my computer.

Alas, a virus named 'Azusa' was found with the software from McAfe
(I'm sorry if I misspell the name here). This virus lived in the
partition table of my hard disk and in the boot sector of my floppies.
After cleaning the virus, my system is back to normal.

Thanks again for your responses.
- -Tuan

------------------------------

Date: Wed, 29 Jul 92 16:41:56 +0000
>From: [email protected] (McAfee Associates)
Subject: Re: Common misconception (was: Re: VET as good as Viruscan? (PC))

[email protected] I write:
>(during the October, 1990 earthquake, we were "disconnected from the
>electronic world" for about 36 hours).

Oops, that was October, 1989. My apologies for any confusion.

Regards,

Aryeh Goretsky
McAfee Associates Technical Support
- --
- - - -
McAfee Associates | Voice (408) 988-3832 | [email protected] (business)
3350 Scott Blvd, Bldg 14 | FAX (408) 970-9727 | ObQuote: "Log... from Blammo"
Santa Clara, California | |
95054-3107 USA | BBS (408) 988-4004 | CompuServe ID: 76702,1714
ViruScan/CleanUp/VShield | USR Courier DS 14.4Kb| or GO VIRUSFORUM

------------------------------

Date: Wed, 29 Jul 92 13:31:38 -0400
>From: "David M. Chess" <[email protected]>
Subject: Re: How do I reverse the effect(s) of Stoned ? (PC)

> From: [email protected] (Lachlan Cranswick)
> ...
> Stoned is quite happy to exist on a hard-disk which it slowly corrupts.

No. Sorry to be contrary, but this is one of the most common viruses,
and misinformation about it is a bad thing. The Stoned virus writes
to a hard disk one and only one time: when the machine is booted from
an infected floppy diskette. It never makes any alterations to the
hard disk after that. No slow corruption, or fast corruption either,
for that matter (with one exception; see the next paragraph).

On some hard disks (those with the first partition stored immediately
after the master boot record, rather than at the start of the next
track), the virus will save a copy of the master boot record over
part of DOS's data space (generally one of the FATs). (This is
a bug in the virus, and apparently not intentional; the space is
unused on most hard disks.) This can cause immediate problems
if that part of the FAT is in use for files (the files will
become cross-linked, invalid, and so on; CHKDSK will report
many errors). If that part of the FAT is not in use, problems
may occur later, when the disk gets fuller and DOS tries to
use the part of the FAT that contains the saved original MBR.
The machine may not boot from the hard disk, for instance.

Cleaning up from a Stoned infection just involves reconstructing
or restoring the code part of the Master Boot Record, using
FDISK /MBR to rebuild the code from scratch (carefully! see back
issues of VIRUS-L for details), or using any anti-virus program
that can find and restore the original MBR. If the old MBR was
placed in the FAT, and DOS has altered it (so the machine no
longer boots from the hard disk), that won't work, and a
rebuild-the-code-from-scratch is called for (unless you have
a backup of the MBR lying around). Also if the old MBR was
placed in the FAT, and that part of the FAT was in use for
files, the files should be restored from backups (although
if any are critical and not backed up, lots of slogging
with some disk-explorer should be able to find the data
eventually).

The "hard drive named D:" effect in the original posting
doesn't ring any bells with me. What does DOS think about
C:? What does "DIR C:" do? I've not heard of the Stoned
causing this effect before. Might be a coincidence, or
an unusual interaction with something about your hard disk.

- - -- -
David M. Chess | "Some look at the world as it is, and
High Integrity Computing Lab | ask 'why?'. I look at the world as it is,
IBM Watson Research | and say 'Hey, neat hack!'." - J. R. H.

------------------------------

Date: Wed, 29 Jul 92 12:44:10 -0400
>From: [email protected] (Glauber Maciel Santos)
Subject: Re: Bugsres-2 (PC)

Hello,
The same thing happened to me when I ran F-Prot. The program
I have is called BUGRES and it's not a virus. It's just a program
that tries to simulate a virus by drawing some bugs on the screen.
That's why F-Prot calls it a joke program.

Glauber Santos

------------------------------

Date: 28 Jul 92 16:02:39 +0800
>From: "Fran Holtsberry" <[email protected]>
Subject: Disinfectant 2.9 problems (Mac)

Since we began installing Disinfectant 2.9 on campus machines, we have
had a rash of System errors. We have lock-ups, inits not loading,
errors when attempting to access Apple Menu selections. . ..

Anyone else experiencing this type problem? was there a warning with
it that I didn't read?

We are sending out a campus warning about Disinfectant 2.9 until I
hear from some of you.

Fran Holtsberry
[email protected]

------------------------------

Date: Wed, 29 Jul 92 10:11:47 -0500
>From: [email protected] (Mark Anbinder)
Subject: re: Disinfectant 2.9 problems (Mac)

Fran Holtsberry says...

> Since we began installing Disinfectant 2.9 on campus machines,
> we have had a rash of System errors. We have lock-ups, inits
> not loading, errors when attempting to access Apple Menu
> selections. . ..

You haven't specified whether you're referring to the Disinfectant
INIT (or "Extension" in System 7 terminology) or just the application.
My guess is the INIT, since just having the application on your hard
drive shouldn't have this effect.

> Anyone else experiencing this type problem? was there a
> warning with it that I didn't read?

One thing that's important to note, if you haven't used a version of
Disinfectant since 2.7, is that System 7 users MUST put the
Disinfectant INIT in the Extensions folder within the System Folder.
Prior to version 2.7, the reverse was true: the Disinfectant INIT
needed to be in the System Folder itself, not the Extensions
subfolder.

> We are sending out a campus warning about Disinfectant 2.9
> until I hear from some of you.

Are these problems campus-wide? Or are they showing up on only a few
machines? If you could provide more details, the rest of the group
will be better able to offer suggestions. For example, what version
of the System software (6.0.5? 7.0.1?) is running on the affected
machines? What other INITs are present?

Disinfectant is one of the most-compatible pieces of software I've
seen in a long time, but conflicts can occur almost anywhere. Maybe
we can figure out something that will help John Norstad make his
software still more reliable.
- --
Mark H. Anbinder [email protected]
BAKA Computers, Inc. QuickMail QM-QM 607-257-2614
200 Pleasant Grove Road Phax 607-257-2657
Ithaca, NY 14850 Phone 607-257-2070

"Some people want to be independent but can't do it alone."
-- Frank Romano

------------------------------

Date: Tue, 28 Jul 92 18:03:26 +0000
>From: [email protected] (Robert Slade)
Subject: Re: Virus BBS List?

[email protected] (Brian C) writes:
>Could someone please e-mail me a list of virus related bbs?

As coincidence would have it, I have just sent out a request on the
Fidonet virus related echoes for information from sysops of antiviral
BBSes. I do not expect to have most of the info for at least a month.

I am not sure how this list will be maintained, but at the present
time I suspect I will have to keep it separate from the CONTACTS.LST
file.

=============
Vancouver [email protected] | "Kill all: God will know his own."
Institute for [email protected] | - originally spoken by Papal
Research into [email protected] | Legate Bishop Arnald-Amalric
User [email protected] | of Citeaux, at the siege of
Security Canada V7K 2G6 | Beziers, 1209 AD
============= for back issues:
Contacts list: cert.org, /pub/virus-l/docs/reviews
Reviews: cert.org, /pub/virus-l/docs/reviews/pc
Column: cert.org, /pub/virus-l/docs/slade.cvp.articles
For those without ftp, see Jim Wright's posting, or use Cyberstore.
Also FREQ from 1:153/733 The Cage 604-261-2347.

------------------------------

Date: Tue, 28 Jul 92 22:06:35 -0400
>From: [email protected] (JJ Kahrs)
Subject: Re: Virus BBS List?

[email protected] (Brian C) writes:

> Could someone please e-mail me a list of virus related bbs?

The problem with finding virus boards is that.... they don't want to
be found. Almost ALL are underground.... and they go to great pains
not to be found by the general public.
-JJ Kahrs
- -----
JJ Kahrs
Internet: [email protected] uucp: uunet!valinor!matrix
- -----

------------------------------

Date: Wed, 29 Jul 92 11:33:40 -0400
>From: James Ford <[email protected]>
Subject: New files on risc.ua.edu (PC)

The following files have been placed on risc.ua.edu in the directory
/pub/ibm-antivirus for anonymous FTP:

tbscan40.zip - Thunderbyte Scan v4.0
mteavr22.zip - Signature file for use with tbs* programs
i-m123.zip - Integrity Master v1.23a
i-msetup.bat - Batch file to set up Integrity Master

- ----------
The number of a person's relatives is directly proportional to his fame.
- ----------
James Ford - Consultant II, Seebeck Computer Center
The University of Alabama (in Tuscaloosa, Alabama)
[email protected], [email protected]
Work (205)348-3968 fax (205)348-3993

------------------------------

End of VIRUS-L Digest [Volume 5 Issue 134]
******************************************

Downloaded From P-80 International Information Systems 304-744-2253