Date: Tue, 11 Aug 1992 17:33:39 -0400
Comment: Virus Discussion List
From: Kenneth R. van Wyk <[email protected]>
To: Multiple recipients of list <[email protected]>
Subject: VIRUS-L Digest V5 #138
VIRUS-L Digest Tuesday, 11 Aug 1992 Volume 5 : Issue 138
Today's Topics:
Re: McAfee GENP/GENY identification (PC)
Re: MS-DOS 6.0 with Anti-Virus ? (PC)
Laptop return serviced and infected (PC)
4096 (frodo) false alarm? (PC)
Strange MBR (PC)
Is "Bloody" a virus? (PC)
Are the Azusa and Bloody! viruses related? (PC)
Scan93 Calls Michangelo "Stoned" (PC)
Re: Scan93 Calls Michangelo "Stoned" (PC)
Re: F-Prot and Stoned (No-Int) Virus (PC)
V84 and DOS 5.0 Shell (PC)
F-PROT reports IBMBIO.COM as 'suspicious' (PC)
Vi-Spy review from Virus Bulletin (PC)
VIRUS-L is a moderated, digested mail forum for discussing computer
virus issues; comp.virus is a non-digested Usenet counterpart.
Discussions are not limited to any one hardware/software platform -
diversity is welcomed. Contributions should be relevant, concise,
polite, etc. (The complete set of posting guidelines is available by
FTP on cert.sei.cmu.edu or upon request.) Please sign submissions with
your real name. Send contributions to [email protected].
Information on accessing anti-virus, documentation, and back-issue
archives is distributed periodically on the list. A FAQ (Frequently
Asked Questions) document and all of the back-issues are available by
anonymous FTP on cert.org (192.88.209.5). Administrative mail
(comments, suggestions, and so forth) should be sent to me at:
<[email protected]>.
Ken van Wyk
----------------------------------------------------------------------
Date: 07 Aug 92 19:38:17 +0000
From: [email protected] (Fridrik Skulason)
Subject: Re: McAfee GENP/GENY identification (PC)
[email protected] writes:
>if available, cleaning is not 100%, new polymorphic viruses are
>self-mutating and as they improve will become invisible to scanners and
>other heuristic techniques.
Scanning is not heuristic!
actually, my opinion is that the more difficult it is for a scanner to
detect a virus, the easier it becomes for a heuristic analyser to
detect it.
>Our firm distributes Victor Charlie which can deal with all known and
>unknown viruses.
Yeah, sure...99% maybe 99.9% even, but "all".....nah...
-frisk
------------------------------
Date: 07 Aug 92 19:56:39 +0000
From: [email protected] (Fridrik Skulason)
Subject: Re: MS-DOS 6.0 with Anti-Virus ? (PC)
[email protected] (A. Padgett Peterson) writes:
>I see in the new PC-Week that MS-DOS 6.0 is scheduled to contain anti-
>virus software from Central Point.
Well, if they do this, they could hardly have picked a better product
for the rest of the anti-virus community to compete against, as
outperforming CPAV is generally considered extremely easy...
a few examples from the most recent comparative review from Swoboda:
                                        CPAV    the top program(s)
Pogue detection                           0%        100%
Slovak detection                          0%         72%
Dedicated detection                       0%        100%
Crashes during scan and disinfection
  of 24.000 infected files                0           79
correct disinfection                     37%         64%
percentage of viruses detected (EXE)     69%         93%
                               (COM)     53%         98%
V2P6 detection                         crash        100%
I guess that nobody from Microsoft reads this group (if they do, I
would very much like to hear from them).......
------------------------------
Date: Fri, 07 Aug 92 21:36:44 -0400
From: John Kida (jhk) (Vienna) <[email protected]>
Subject: Laptop return serviced and infected (PC)
A Grid laptop was returned from the Raleigh, Nc. service center
infected with the "JOSHI" virus... ..
All persons who have had a laptop repaired in the Raleigh, Nc. service
center, should scan the Hard drive and any media which has been
introduced into it...
Since this is a service center the odds of more than 1 infection are
HIGH....
John Kida
SSDS, Eastern Region <[email protected]>
------------------------------
Date: Sun, 09 Aug 92 07:52:36 +0000
From: [email protected] (Nadav Har'El)
Subject: 4096 (frodo) false alarm? (PC)
Hi. This question is for anti-virus writers, such as McAfee and Frisk,
and for anybody with any experience with the 4096 (also known to
f-prot as frodo) virus. Yesterday I was checking out a new MS-windows
product I got, and I decided to check it with scan 93 before I run it.
So I exited windows, and ran the scanner. I almost got a heart attack
when I saw the message '4096 Virus [4096] active in memory' or
something of the sort. This was impossible, since I always scan new
software before I run it, and the 4096 is an old virus. So I rebooted
from a write protected dos diskette which I have saved in advance
(with no autoexec/config.sys so no files for the hard disk are used).
I then used scan from a write protected diskette, and of course now
there was no 4096 in memory. But it didn't find any virus at all on my
hard disk, nor on my Windows boot diskette! This was very puzzling:
I've run scan from the hard disk when the virus was active, so how
come it wasn't infected? So I deliberately booted again from the windows
diskette and exited it, and of course I got the virus alarm again. As
I have a write protected backup, I didn't care messing up some files,
as long as I get rid of this virus. So I deliberately ran some
executable files from my hard disk. From past experience I have with
the 4096 virus I know that when it is active, as soon as you run a
program, it gets infected. But when I rebooted again from the clean
floppy and scanned, there was no virus on my hard disk! Now I was
almost certain that that had to be a false alarm. I rebooted again
from the windows diskette, and of course it still got the virus alarm.
I used arj to extract a 200K file, and what do you know: right after
arj was finished there was no virus in memory according to scan! The
question is - are my conclusions correct? i.e. if it was really the
nasty 4096 virus, wouldn't it infect all executables I ran, or at
least some of them? Does the fact that it didn't infect anything mean
that it is a false alarm? By the way, when the virus was active in
memory according to scan, chkdsk returned 640K of memory, and no disk
errors. sd /i returned 639K of memory, but as far as I remember, that
is the way they return since I got the computer. Also, I used f-prot
after using scan and it came to the same conclusions - frodo in
memory, but when rebooting from a clean diskette, there was no frodo
in memory but no files infected as well. I hope someone has any clues
for me, because I am not sure it is a false alarm, although it
certainly looks like one (How on earth can random memory or parts from
tsr's I load look like a 4096 virus???)
Thanks in advance,
--
Nadav Har'El | ###### ######## # | <-- Sorry if
Email: [email protected] | # # # | you can't
Department of Mathematics, Technion | # # # | read Hebrew.
Israel Institute of Technology | ######## # ###### | Nadav. ;)
------------------------------
Date: Sun, 09 Aug 92 13:30:04 -0500
From: [email protected] (Philip Smolen)
Subject: Strange MBR (PC)
I noticed a machine with a strange MBR at work recently. The first 16
bytes look like this:
EA 05 00 C0 07 E9 99 00 02 6F 79 00 F0 E4 00 80
The machine I found this on refused to boot. SCAN could not find
anything unusual. Glancing at the code it looks like it was made for
a boot sector or MBR. The first instruction, for example, is jmp
07C0:0005. (On bootup this translates to jump to the next
instruction. After DOS has loaded normally, this translates to crash
and burn.)
Has anyone seen anything like this? Does anyone know what could have
caused this?
Some additional information:
This machine is in a student computer lab. The disk had been having a
number of other strange problems, like sector not found errors, even
though spin-rite could not find a problem. The machine had been
running some experimental software that did some int 13 disk i/o, but
nothing that should have made anything like this.
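Added example, not part of the original post: a short Python triage of the 16 bytes quoted above, decoding the two jump instructions and showing why the far jump to 07C0:0005 only "falls through" when the sector sits at the BIOS load address. The function names and the alternate load address 0x10100 are constructed for illustration; the bytes after the second jump are not interpreted.

```python
import struct

# First 16 bytes of the MBR, exactly as quoted in the post.
MBR_HEAD = bytes.fromhex("EA0500C007E99900026F7900F0E40080")
BIOS_LOAD = 0x7C00  # the BIOS reads a boot sector to linear address 0x7C00


def linear(seg, off):
    """Real-mode physical address of seg:off (20-bit wrap)."""
    return ((seg << 4) + off) & 0xFFFFF


def decode_jmp(code, pos):
    """Decode the JMP at file offset pos -> (kind, length, operands)."""
    op = code[pos]
    if op == 0xEA:  # JMP ptr16:16, offset word first, then segment word
        off, seg = struct.unpack_from("<HH", code, pos + 1)
        return "far", 5, (seg, off)
    if op == 0xE9:  # JMP rel16, relative to the next instruction
        (rel,) = struct.unpack_from("<h", code, pos + 1)
        return "near", 3, (rel,)
    if op == 0xEB:  # JMP rel8, the usual first opcode of a DOS boot sector
        (rel,) = struct.unpack_from("<b", code, pos + 1)
        return "short", 2, (rel,)
    raise ValueError("not a jump opcode: %02X" % op)


def trace_entry(code, load=BIOS_LOAD):
    """Follow jumps from the first byte, assuming the bytes sit at `load`.

    Returns [(file_offset, kind, linear_target), ...] and stops when the
    target leaves the bytes we have, loops, or is not a jump.
    """
    steps, seen, pos = [], set(), 0
    while 0 <= pos < len(code) and pos not in seen:
        seen.add(pos)
        try:
            kind, length, ops = decode_jmp(code, pos)
        except (ValueError, struct.error):
            break
        if kind == "far":
            target = linear(*ops)  # absolute: ignores where we run from
        else:
            target = (load + pos + length + ops[0]) & 0xFFFFF
        steps.append((pos, kind, target))
        pos = target - load
    return steps


def falls_through(code, load=BIOS_LOAD):
    """True if an initial far jump lands on the instruction right after it."""
    kind, length, ops = decode_jmp(code, 0)
    return kind == "far" and linear(*ops) == load + length


if __name__ == "__main__":
    for off, kind, target in trace_entry(MBR_HEAD):
        print("offset %02X: %-5s jmp -> linear %05X" % (off, kind, target))
    print("falls through at boot:", falls_through(MBR_HEAD))
    # Constructed case: the same bytes executed from some other address.
    print("falls through at 0x10100:", falls_through(MBR_HEAD, 0x10100))
```

At the boot-time load address the far jump only reloads CS with 07C0 and continues at offset 5, where a near jump goes on to offset A1 of the sector; from any other address the same far jump transfers control to whatever happens to be at linear 7C05.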
------------------------------
Date: Sun, 09 Aug 92 20:34:22 +0000
From: Jonathan Lewin <[email protected]>
Subject: Is "Bloody" a virus? (PC)
My PC has begun to display the words "Bloody" and "Jun 4, 1989" on
boot-up. Is this a known virus? If it is, could someone PLEASE tell
me, and advise me how to get rid of it? The PC it is on is vital to a
small company, and I don't want it to start losing files.
Thanks,
Jonathan
------------------------------
Date: Mon, 10 Aug 92 20:23:00 +0000
From: Jonathan Lewin <[email protected]>
Subject: Are the Azusa and Bloody! viruses related? (PC)
In depth: I suddenly got the Bloody! virus on my hard drive partition
table, and when I got rid of it, the clean program notified me that I
had the Azusa in memory. Since deleting it, I have not seen the Azusa
again. But I saved copies of both, and couldn't find (or didn't see)
any similarity. Are these related, or do I have two different
infections that I should worry about?
Thanks,
Jonathan
------------------------------
Date: Sun, 09 Aug 92 11:32:51 -0400
From: Adrienne Voorhis <[email protected]>
Subject: Scan93 Calls Michangelo "Stoned" (PC)
There has been some discussion recently about how (unnamed
versions of) McAfee's Scan program are announcing an infection by
Stoned when other virus scanners are calling it Michelangelo.
A copy of Michelangelo that I have saved from April 1992 is
detected by Scan89 as Michelangelo, but is detected by Scan93 as
Stoned. My guess is that other posters that have reported this
phenomenon are not dealing with a new variant of Michelangelo. It's
just that the newest version of Scan got sloppy and detects all
Michelangelo infections as Stoned. (I haven't heard that
Michelangelo has any other strains detected.)
Not knowing the actual virus that has infected your machine can be
a real problem. Previous posts, for example, have described the
special problems that users face when disinfecting a computer that has
been infected by both Stoned and Michelangelo. If the scanner does
not even distinguish between the two, how is the user supposed to know
why he or she is having no luck disinfecting the computer?
Adrienne and Bob Voorhis
Albert Einstein College of Medicine
Bronx, New York
///\\\\ /////\\ _________________________________
////\\\\\//////\\\\ / Adrienne and Bob can't \
|||| | mmm mmm | |||| | speak for me or my medical school |
|||| | 0 0 | |||| \__________________________________/
|||| | |_| | |||| /
|||| | mmmmm | ||||
\ --- /
------------------------------
Date: Sun, 09 Aug 92 19:42:51 -0400
From: Adrienne Voorhis <[email protected]>
Subject: Re: Scan93 Calls Michangelo "Stoned" (PC)
Earlier today we sent a post saying:
> A copy of Michelangelo that I have saved from April 1992 is detected by
> Scan89 as Michelangelo, but is detected by Scan93 as Stoned. My guess is
This information was based on faulty memory. Scan 85 identified it as
Michelangelo. Scan 89B and Scan 93 identified the same sample as Stoned.
Needless to say, this doesn't affect the points we made in our last post.
Adrienne and Bob Voorhis
Albert Einstein College of Medicine
Bronx, New York
///\\\\ /////\\ _________________________________________
////\\\\\//////\\\\ / Adrienne and Bob can't speak for me \
|||| | mmm mmm | |||| | or my medical school, particularly if they |
|||| | 0 0 | |||| | can't get their facts straight. |
|||| | |_| | |||| ___________________________________________/
|||| | mmmmm | |||| /
\ --- /
------------------------------
Date: Mon, 10 Aug 92 21:10:26 +0000
From: [email protected] (Gary Heston)
Subject: Re: F-Prot and Stoned (No-Int) Virus (PC)
[email protected] (Michael Ciarfello) writes:
[ ... ]
>The No-Int Stoned virus is about the only virus that gives us trouble
>around here. Does anyone have any experience with cleaning up Stoned
>with F-Prot?
Can't say.
>We have a program to restore the boot-sector of the hard disk from a
>good copy of it, but it doesn't work to restore floppy disks.
Copy the files to another disc and reformat the floppy. Seems like
Stoned has a tendency to copy the original boot record over the
secondary FAT or something; better to wipe it completely than to risk
finding something was corrupted that you didn't know about.
Gary
--
Gary Heston SCI Systems, Inc.
[email protected] site admin
The Chairman of the Board and the CFO speak for SCI. I'm neither.
Hestons' First Law: I qualify virtually everything I say.
------------------------------
Date: Tue, 11 Aug 92 00:28:19 +0000
From: [email protected]
Subject: V84 and DOS 5.0 Shell (PC)
Having only recently regained a network account, I have been away from
posting for awhile. Anyway, I thought I would ask a somewhat dated
question, about VSHIELD and DOS 5.0 shell. Over the winter, I was
asked to investigate a problem, namely that with V84 of VSHIELD. The
micro would lock up when the user moved the mouse from one window to
the next in the shell. I eventually passed him on to McAfee, but I
would like to know for myself why it happened. Unfortunately I cannot
pass on more detail than this about the user's setup. I'm pretty sure
that later versions of VSHIELD have addressed this problem. If anyone
can enlighten me, it would be appreciated.
Thanks
Bill Gough
------------------------------
Date: Sun, 09 Aug 92 01:32:15 -0700
From: System Manager <[email protected]>
Subject: F-PROT reports IBMBIO.COM as 'suspicious' (PC)
I ran F-PROT with 'heuristics' option on my IBM DOS system and it
reports that IBMBIO.COM 'moves itself into different area of memory
using methods usually only used by viruses'. F-PROT's 'secure scan'
reports nothing, neither does VIRUSCAN. What is it - false alarm or
an unknown virus ?
------------------------------
Date: 07 Aug 92 12:39:51 -0400
From: Ray Glath <[email protected]>
Subject: Vi-Spy review from Virus Bulletin (PC)
Reprinted with permission from Edward Wilding, Editor, Virus Bulletin.
VIRUS BULLETIN
August 1992
PRODUCT PREVIEW 2
Dr. Keith Jackson
VI-SPY - PROFESSIONAL EDITION
It is now over two years since VB reviewed Vi-Spy (May, 1990 to
be precise). If a week is a long time in politics, then two
years is an eternity in the development of anti-virus software,
so another look at Vi-Spy is now long overdue.
Vi-Spy version 9 includes a host of features including an
automatic scheduler program (AUTOVS) which conducts a scan of the
system at pre-determined intervals, memory map comparison, hidden
file count and list, integrity self-checking and a facility to
save boot sectors. A TSR with a range of options is also
included. RG Software refer to the term `8-in-1': Windows, DOS,
LAN, Stand alone PCs, Detection, Removal, Protection and
Scheduling. The options are numerous: this review concentrates
primarily on Vi-Spy's virus-specific detection features.
`VIRUS PRIMER'
Vi-Spy came with two A5 booklets, one of which is the `Guide to
Operations' - a 45 page long user manual. The other booklet (67
pages) is entitled the Computer Virus Primer and Troubleshooting
Guide, which contains an excellent description of what viruses
are, how to combat them, and what to do if a virus is actually
detected. It also provides a very good explanation of how a PC
bootstraps, and how a virus can interact with this process. I
particularly like the way in which emphasis is placed on the fact
that although many software packages (Vi-Spy included) offer a
`cleanup' facility which removes viruses from infected files,
this process can never be guaranteed to work and should be used
with due caution. I even learned from the booklet that the FDISK
supplied with version 5.0 of MS-DOS can be persuaded to repair
the Master Boot Sector of a hard disk without affecting the
partitioning [using the syntax `FDISK /MBR'.Ed.].
I think that this Virus Primer has been pitched at just the right
level. It is difficult to explain viruses in terms understandable
by non-technical PC users. Producing a `Kiddies' Guide to
Viruses' is of no use to anyone. Conversely, there is a danger
of explaining things in overly-complex terms. This booklet
steers a course midway between these extremes and will prove very
useful to anyone using anti-virus software for the first time.
STANDARD NAMING CONVENTION
Vi-Spy is provided on both 3.5 inch (720 Kb) and 5.25 inch (1.2
Mb) floppy disks. The manual mentions that 360 Kb floppy disks
(5.25 inch) are available, but only on request. Free quarterly
updates are provided for one year from the date of purchase.
Support is also provided via a Bulletin Board (see Technical
Details for the phone number).
The documentation states categorically that Vi-Spy uses the VB
naming convention for all viruses. There have been various
attempts to standardize virus naming conventions, none of which
have been successful, so it is good to see a manufacturer trying
to stick to a known naming convention rather than inventing a
proprietary nomenclature.
INSTALLATION
Installation to a hard disk (in any desired subdirectory) is very
straightforward, with the install program simply requesting
information about where the software should be installed, whether
Windows is to be used, etc. A fast scan (memory, all boot sectors
and some DOS files) is performed before installation commences.
Some Vi-Spy files are supplied in compressed form (using LZH data
compression), and they are automatically decompressed during
installation. After installation is complete, Vi-Spy can either
be activated as a parameter driven DOS program, or via a drop-
down, mouse driven, menu interface. Either of these methods
works under both DOS and Windows.
On-line help is provided in the form of text files which can be
browsed via the drop-down menu interface. I liked the fact that
all error messages are documented in a text file, thereby
ensuring that they are kept up to date. This is in marked
contrast to many packages where error reports are not mentioned
anywhere in the documentation. I don't think that Vi-Spy needs a
drop-down menu interface. It's easy enough to use without such
fripperies. However, the developer has deferred to the
inevitable market pressure to provide this feature and its
presence does no harm.
The latest version of Vi-Spy `knows' about 750 unique viruses (an
increase of 250 from the last major upgrade). This is in stark
contrast to the version reviewed two years ago which described
only 22 known viruses in the manual, and increased that number to
46 in the accompanying README file. How the world has moved on
in two years! Interestingly, the manual warns `BEWARE THE VIRUS
NUMBERS GAME' - an apposite comment; in accuracy tests Vi-Spy has
continually beaten other scanners which claim to detect many more
viruses!
The original version of Vi-Spy requested that it should not be
installed on a hard disk, but that it should always be executed
directly from a write-protected floppy disk, thereby preventing
the possibility of the program itself becoming infected. This is
sound advice, but the addition of the menu driven front end and
all the online documentation reduce the likelihood that the
program will be run this way. However, the menu program does
contain an option to make a `Maintenance' disk, a diskette
version of Vi-Spy.
SCANNER ACCURACY
Vi-Spy was tested against the viruses listed in the Technical
Details section. With just one exception it detected them all,
no matter which scanning options were set. The exception was the
Kamikaze virus, a point of academic interest only as this virus
is unlikely ever to be seen in the wild. Vi-Spy has produced
consistently good results in VB tests; in the most recent test
(VB, June 92, pp. 13-16), Vi-Spy gained a perfect rating for its
ability to detect viruses known to be in the wild and a selection
of polymorphic (encrypting, self-modifying) specimens.
SCANNER SPEED
Vi-Spy's scanning speed was measured by searching the entire
contents of a hard disk, 728 files spread across 22.7 Mbytes.
The time taken by Vi-Spy to scan this disk took 26 seconds. For
comparison purposes, SWEEP (v.2.39) from Sophos, and Findvirus
from Dr. Solomon's Anti-Virus Toolkit (v.5.59) scanned this disk
in 19 seconds and 15 seconds respectively. When every part of
every file was scanned, Vi-Spy's scanning time checked in at 7
minutes 44 seconds (this is the most secure option and its use is
only recommended once a virus has been detected using the
scanner's `turbo' mode). The same detection rate was measured no
matter which of the scanning modes was used, so the `turbo' mode
is still efficient at detecting viruses.
Vi-Spy's test timings were exactly the same when the program was
run under Windows. This is unusual since Windows makes programs
typically run more slowly by a factor of two. I'm not sure
whether this is a reflection of efficient coding in Vi-Spy, or
the consequences of using a very fast PC for this month's testing.
Vi-Spy was previously among the fastest scanners tested. The
above figures show that it has lost some of that speed advantage.
Having said this, Vi-Spy scan speed is perfectly acceptable.
The scanner also provides a complete screenful of information
about each virus detected, with details about each virus'
infective length, the types of file or sector infected,
transmission methods, associated symptoms, trigger routines
and disinfection. This feature is simply excellent.
MEMORY-RESIDENT FEATURE
A memory-resident program (RVS) is provided with Vi-Spy. RVS
occupies 19.25 Kb of RAM and can be loaded high thus consuming no
conventional memory. RVS searches files for viruses as they are
accessed. Such an action imposes an inevitable overhead on
system performance; in recent reviews of various anti-virus
products the increase in program load/copy time has occasionally
exceeded 250%!
I thus measured the overhead imposed by RVS by recording the
increase in the time taken to copy 90 files (2.3 Mbytes) from one
subdirectory to another, being very careful to disable any disk
cache, avoid using data compressed partitions, and ensuring that
the copy was made to/from exactly the same parts of the hard
disk. With no memory-resident option active, this test took 23
seconds, which increased to 32 seconds when the memory-resident
option was activated in its default mode. When a complete scan
was used this time increased again to 36 seconds. These times
represent increases of 28% and 56% respectively, a very
creditable performance given the amount of checking that has gone
on during the copying process.
The courteous nature of RVS revealed itself when I accidentally
rebooted while it was still active, and a floppy disk had been
left in drive A:, Vi-Spy intervened, reminded me that I was about
to boot from a floppy disk and requested confirmation that this
was my intention.
CONCLUSION
Last time around, I concluded that `Vi-Spy is simple to
understand (it detects viruses and destroys them by overwriting),
easy to use, and very fleet of foot in searching for virus
signatures on a disk'. Nothing has made me change that
conclusion. Vi-Spy has kept up with the recent explosion in the
total number of viruses. It now contains a Computer Virus Primer
and Troubleshooting Guide which I can unreservedly recommend to
the uninitiated user. In short, Vi-Spy knows exactly what it
intends to do and does it extremely well.
TECHNICAL DETAILS
Product: Vi-Spy (Professional Edition)
Developer and Vendor: RG Software Systems, Inc., 6900 E.
Camelback Road, 630 Scottsdale, AZ 85251, USA, Telephone
602 423 8000, Fax: 602 423 8389, BBS: 602 970 6901.
Availability: Vi-Spy requires at least 150 Kb of memory. The
core scanning program will operate using v.2.xx of MS-DOS, while
other programs packaged with Vi-Spy require v.3.2 or above. Vi-
Spy is compatible with Windows 3.0 and 3.1, and will operate on
all major local networks.
Version Evaluated: v.9.0
Serial Number: None Visible
Price: $89.95 (single copy), $149.95 (single copy with quarterly
updates).
Hardware Used: A 33 MHz `486 PC, with one 3.5 inch (1.44 Mb)
floppy disk drive, one 5.25 inch (1.2 Mb) floppy disk drive, and
a 120 Mb hard disk, running under MS-DOS v.5.0.
Virus Test Set: 113 unique viruses spread across 182 individual
virus samples comprising two boot sector viruses (Brain and
Italian) and 111 parasitic viruses. Where more than one variant
of a virus is included, the number of examples of each virus is
shown in brackets.
1049, 1260, 1600, 2144, (2), 405, 417, 492, 4K (2), 5120, 516,
600, 696, 707, 800, 8 TUNES, 905, 948, AIDS, AIDS II, Alabama,
Ambulance, Amoeba (2), Amstrad (2), Anthrax (2), Anti-Pascal,
(5), Armagedon, Attention, Bebe, Blood, Burger (3), Cascade (2),
Casper, Dark Avenger, Datacrime, Datacrime II (2), December 24th,
Destructor, Diamond (2), Dir, Diskjeb, Dot Killer, Durban, Eddie
2, Fellowship, Fish 6 (2), Flash, Flip (2), Fu Manchu (2), Hymn
(2), Icelandic (3), Internal, Itavir, Jerusalem (2), Jocker, Jo-
Jo, July 13th, Kamikaze, Kemerovo, Kennedy, Keypress (2), Lehigh,
Liberty (2), Lovechild, Lozinsky, MIXI (2), MLTI, Monxla, Murphy
(2), Nina, Number of the Beast (5), Oropax, Parity, Perfume,
Piter, Polish 217, Pretoria, Prudents, Rat, Shake, Slow,
Subliminal, Sunday (2), Suomi, Suriv 1.01, Suriv 2.01, SVC (2),
Sverdlov (2), Svir, Sylvia, Taiwan (2), Terror, Tiny (12),
Traceback (2), TUQ, Turbo 488, Typo, Vacsina (8), Vcomm (2),
VFSI, Victor, Vienna (8), Violator, Virus-101 (2), Virus-90,
Voronezh (2), VP, V-1, W13 (2), Whale, Yankee (7), Zero Bug.
------------------------------
End of VIRUS-L Digest [Volume 5 Issue 138]
******************************************