ben.pedersen@canremote.uucp (BEN PEDERSEN) (10/20/89)
Howdy Michael, GT>Does anyone know if there are any programs that will GT>compare the size(s) of .exe and .com files on your GT>PC harddisk with size(s) recorded during a previous GT>execution. The intention being to notice any GT>files which have grown because of infection from a GT>virus? There are programs like this around. If you do any kind of programming you could easily whip one up yourself as well. The general idea would be to have the program read a list of file names from a simple ASCII file, calculate a CRC on each of the files, store the CRC with the file name in the ASCII file, and each time the virus checking program is run subsequently it would recalculate the CRC's and compare them against those stored with the file names. If the CRC's don't match then it can be assumed that something has changed in the file in question. You need to use something like a CRC check because simply checking file sizes usually won't show anything, or at least not until it is too late. FYI: The following is not intended as an advertisement but as information about one of many utilities available to fight computer viruses. I am not affiliated in any way with McAfee Associates. ---------------------------------------------------------------------- VIRUSCAN scans diskettes or entire systems and identifies any pre-existing PC virus infection. VIRUSCAN will indicate the specific files or system areas that are infected and will identify the virus strain which has caused the infection. Removal can then be done manually or, if the infection is widespread, automatic removal utilities are available which can disinfect each virus strain. VIRUSCAN version 0.4V37 can identify 36 major virus strains and numerous sub-varieties for each strain. The 36 viruses include the twelve most common viruses which account for over 90% of all reported PC infections. These viruses infect one of the following areas: The hard disk partition table; the DOS boot sector of hard disks or floppies; or one or more executable files within the system. The executable files may be operating system programs, system device drivers, .COM files, .EXE files, overlay files or any other file which can be loaded into memory and executed. VIRUSCAN identifies every area or file that has become infected and indicates the name of the virus that has infected each file. VIRUSCAN can check the entire system, or an individual diskette for an existing virus. information contact: McAfee Associates 4423 Cheensy Street Santa Clara, CA 95054 408 988 3832 BBS: 408 988 4004 What do you do if a virus is found? Well, if you are a registered VIRUSCAN user, you may contact McAfee Associates for free assistance in manually removing the virus.If you are not a registered user, the following steps should be followed: Boot sector infections: Power down the system. Power up and boot from an uninfected, write protected floppy. Execute the DOS SYS command to attempt an overwrite of the boot sector. This works in many cases. If this does not work, backup all data files and perform a low level format of the disk. Executable file infections: Power down system. Boot from clean, write protected floppy. Remove all infected files. Replace from the original distribution diskettes. Partition table infections: Without a removal utility, the only option is to low level format the media. ---------------------------------------------------------------------- Your local bulletin board probably has this utility and others available. I hope this information is of some use to you. --Regards! --- * QDeLuxe 1.10 #2134
frisk@rhi.hi.is (Fridrik Skulason) (10/23/89)
>Does anyone know if there are any programs that will >compare the size(s) of .exe and .com files on your >PC harddisk with size(s) recorded during a previous >execution. The intention being to notice any >files which have grown because of infection from a >virus? Just one small problem - It is possible for a virus to infect a file, without changing the length. In fact there are already two viruses that do just that, Lehigh and 405. -frisk -- Fridrik Skulason University of Iceland frisk@rhi.hi.is Guvf yvar vagragvbanyyl yrsg oynax .................
leif@ambush.dk (Leif Andrew Rump) (10/27/89)
I've made a program that records time/date, size, attributes and CRC
(if wanted) on any file on a disk - making it impossible to infect
files undetected. But the program is version 0.0a at the time of
writing so I haven't implemented selective check, fast CRC (does
anybody out there have a fast CRC of files for TP5.5) and so on and so
on!
I'll release it to PD as soon as possible - but do you have a function
that should go in BRITTA - that's the name of the girl who told me how
I should make the program - and so I did!
Leif Andrew Rump, AmbraSoft A/S, Roejelskaer 15, DK-2840 Holte, Denmark
UUCP: leif@ambra.dk, phone: +45 42424 111, touch phone: +45 42422 817+313
> > > Why are tall Irish girls with red hair so wonderful ? ? ? < < <