AWCTTYPA@UIAMVS.BITNET ("David A. Lyons") (08/08/88)
>Date: Sat, 6 Aug 88 19:47:30 PDT >From: Physical T5--Virtual T7 <craparotta%kyoa.DEC@DECWRL.DEC.COM> >Subject: Clints Message >>One of the most devious virus attempts I have seen is a 'virus >>eliminator' that supposedly looked for CyberAIDS (supposedly >>written by Tom E. Hawk) in SYS files and 'destroyed' it. [...] >>**** The program itself installed CyberAIDS in the PRODOS file. >>Quite nasty, eh? I suggest writing thy own virus debuggers! **** >>Clint Fleckenstein ("SpyroGyra") >>NU132271@NDSUVM1.BITNET >If you all look at the last sentence, it states that the Program itself >installed the VIRUS. I'd interpet that itself as a Virus... If you don't >like my interpetation, tough.. That's what makes the World go round... >Joe The scenario as presented is not possible. CyberAIDS can *NOT* infect the PRODOS file; only other SYS files. CyberAIDS attaches itself to a SYS file and executes *BEFORE* the other SYS file. If CyberAIDS tried to infect PRODOS, it would execute *before* ProDOS had installed itself. The MLI calls CyberAIDS makes to ProDOS (JSR $BF00) would fail, almost certainly crashing the machine immediately on boot and alerting the user that something was wrong. I think we need to be very careful to get facts straight before accusing anyone of bad deeds. If you have a copy of the virus eliminator that allegedly infected your program, please send a copy of it to someone in a position to check it out: Open-Apple (UNCLE-DOS on GEnie, or U.S. Mail), or me (E-mail or U.S. mail), or Morgan Davis (posted a virus clenser recently himself & I can vouch for his character!). --David A. Lyons a.k.a. DAL Systems PO Box 287 | North Liberty, IA 52317 BITNET: AWCTTYPA@UIAMVS CompuServe: 72177,3233 GEnie mail: D.LYONS2