[comp.sys.apple] Virus

craparotta@kyoa.DEC.COM (Physical T5--Virtual T7) (08/10/88)

Since I've had a "FEW" people state that I can't read English [tho most people
agree with me], I will *STATE* that Tome E Hawk DID NOT write *ANY* so-called
VIRUS detector. For any computer. I was more concerned with clearing a friend's
name. As I said, this rumor has been around since May. I would hope that most
of the people out there have a friend that would do the same for them. I suppose
most of the people who wrote me might not... :-)

I also would like to apologize to Clint, if I offended him.. Can't be right all
the time.. [so early in the year for me to be wrong :-))))) ]

Joe

c60c-3aw@web-3d.berkeley.edu (Andy McFadden) (11/15/88)

In article <8877@smoke.BRL.MIL> gwyn@brl.arpa (Doug Gwyn (VLD/VMB) <gwyn>) writes:
>In article <8811091615.aa24516@SMOKE.BRL.MIL> abc@BRL.MIL (Brint Cooper) writes:
>>All the media insist that 60,000 (!) computers were affected (6,000
>>sounds more plausible really...  but then.
>
>There are 6000 hosts in the NIC host table alone.  If you take into
>account the domain system and gateways there could easily be 60000
>accessible hosts.  Although probably most of them missed catching
>the virus, they were all potentially affected by the loss of service
>when the whole Internet was effectively shut down.

The virus should only have been able to do serious damage to VAX or Suns; those
were the binaries that were FTPed.  The 60,000 figure seems reasonable if you
take Sun networks into account.

Now that I think about it, this is the wrong place to be discussing this...
alt.virus, anyone?

-- 
fadden@zen.berkeley.edu [crashed]
c60c-3aw@widow.berkeley.edu (Andy McFadden)
(Outgoing E-mail has about a 40% chance of successfully reaching you.  Feel
 free to respond through the mail, but I probably can't answer.)

gwyn@smoke.BRL.MIL (Doug Gwyn ) (11/15/88)

In article <16984@agate.BERKELEY.EDU> c60c-3aw@web-3d.berkeley.edu (Andy McFadden) writes:
>The virus should only have been able to do serious damage to VAX or Suns; those
>were the binaries that were FTPed.

The binaries weren't FTPed, and in any case hosts other than VAXes and Suns
were attacked, although only the first of the two virus stages survived.
(The first stage was essentially a downloader and initiator of the second
stage, and the second stage carried out the further propagation.)

nparker@CIE.UOREGON.EDU (09/19/89)

In article <8909170936.AA12715@trout.nosc.mil>, bbean@pro-sat.cts.com (Bruce
Bean) writes:
>Network Comment: to #12567 by ST802148%BROWNVM.BITNET@mitvma.mit.edu
>
><From: ST802148%BROWNVM.BITNET@mitvma.mit.edu (Evan)
><Subject: Viruses
><
><Have any of you encountered an Apple II virus where upon each boot of Prodos,
>
><the computer scans available volumes (obviously to spread them), and then 
><boots fine UNTIL one day when prodos doesn't show up on your hard drive - 
><instead a graphics screen with some skulls and crossbones followed by a text
><screen of how everything on the drive has been annihilated and was the work
><of some sadistic hackers? 
> 
>   I thought people might like to hear about this, Source for VIRUS.KILLER
>follows...
> 
>        July 10, 1989                 * * LOAD RUNNER * * (virus title)

Sorry--hate to rain on your parade, but the symptoms described are NOT those
of the LOAD RUNNER virus.  LOAD RUNNER doesn't "go off" until the GS's
system clock says the month is Oct, Nov, or Dec, and when it does "go off"
it puts up a text-only screen and wipes out the boot blocks of the infected
disk.  It doesn't wipe out any files or directories, just boot blocks.  Also,
it doesn't scan the drives--its code is specific to slot 5, drive 1.

I haven't seen any of the other viruses for the Apple, so I can't speak
knowledgeably about them, but doesn't CyberAIDS or Festering Hate scan
the drives?  Could it be one of these viruses?

Finally, DON'T try to use the VIRUS.KILLER program that appeared at the end
of the quoted article!  I don't know if the original was sent off like that,
but when it arrived at my site, it was badly garbled.  Besides, VIRUS.KILLER
was designed specifically for the LOAD RUNNER virus, and cannot detect or
remove any other virus, and as I said before, I don't think the virus in
question is LOAD RUNNER.

By the way, if anybody out there needs a non-garbled copy of VIRUS.KILLER,
send e-mail to nparker@cie.uoregon.edu and I'll be happy to e-mail a copy
back to you.

Neil Parker                 |  nparker@cie.uoregon.edu (if that bounces, try
1810 Harris, #123           |  PARKER@astro.uoregon.edu)
Eugene, OR 97403-1334       |-----------------------------------------------
(address subject to change) |  (insert witty quotation here)