[comp.sys.ibm.pc] VIRUS DETECTING

ben.pedersen@canremote.uucp (BEN PEDERSEN) (10/20/89)

Howdy Michael,

GT>Does anyone know if there are any programs that will
GT>compare the size(s) of .exe and .com files on your
GT>PC harddisk with size(s) recorded during a previous
GT>execution.  The intention being to notice any
GT>files which have grown because of infection from a
GT>virus?

There are programs like this around. If you do any kind of programming
you could easily whip one up yourself as well. The general idea would be
to have the program read a list of file names from a simple ASCII file,
calculate a CRC on each of the files, store the CRC with the file name
in the ASCII file, and each time the virus checking program is run
subsequently it would recalculate the CRC's and compare them against
those stored with the file names. If the CRC's don't match then it can
be assumed that something has changed in the file in question. You need
to use something like a CRC check because simply checking file sizes
usually won't show anything, or at least not until it is too late.

FYI: The following is not intended as an advertisement but as
information about one of many utilities available to fight computer
viruses. I am not affiliated in any way with McAfee Associates.

----------------------------------------------------------------------

    VIRUSCAN scans diskettes or entire systems and identifies any
pre-existing PC virus infection.  VIRUSCAN will indicate the specific
files or system areas that are infected and will identify the virus
strain which has caused the infection.  Removal can then be done
manually or, if the infection is widespread, automatic removal utilities
are available which can disinfect each virus strain. VIRUSCAN version
0.4V37 can identify 36 major virus strains and numerous sub-varieties
for each strain.  The 36 viruses include the twelve most common viruses
which account for over 90% of all reported PC infections. These viruses
infect one of the following areas:  The hard disk partition table; the
DOS boot sector of hard disks or floppies; or one or more executable
files within the system.  The executable files may be operating system
programs, system device drivers, .COM files, .EXE files, overlay files
or any other file which can be loaded into memory and executed. VIRUSCAN
identifies every area or file that has become infected and indicates the
name of the virus that has infected each file.  VIRUSCAN can check the
entire system, or an individual diskette for an existing virus.

information contact:
McAfee Associates
4423 Cheensy Street
Santa Clara, CA  95054
408 988 3832
BBS: 408 988 4004

What do you do if a virus is found?  Well, if you are a registered
VIRUSCAN user, you may contact McAfee Associates for free assistance in
manually removing the virus.  If you are not a registered user, the
following steps should be followed:
Boot sector infections: Power down the system.  Power up and boot from
an uninfected, write protected floppy.  Execute the DOS SYS command to
attempt an overwrite of the boot sector.  This works in many cases.  If
this does not work, backup all data files and perform a low level format
of the disk.
Executable file infections: Power down system.  Boot from clean, write
protected floppy. Remove all infected files.  Replace from the original
distribution diskettes.
Partition table infections: Without a removal utility, the only option
is to low level format the media.

----------------------------------------------------------------------

Your local bulletin board probably has this utility and others
available. I hope this information is of some use to you.

--Regards!
---
 * QDeLuxe 1.10 #2134

frisk@rhi.hi.is (Fridrik Skulason) (10/23/89)

>Does anyone know if there are any programs that will
>compare the size(s) of .exe and .com files on your
>PC harddisk with size(s) recorded during a previous
>execution.  The intention being to notice any
>files which have grown because of infection from a
>virus?

Just one small problem - It is possible for a virus to infect a file, without
changing the length. In fact there are already two viruses that do just that,
Lehigh and 405.

-frisk

-- 
         Fridrik Skulason          University of Iceland
         frisk@rhi.hi.is           

          Guvf yvar vagragvbanyyl yrsg oynax .................

leif@ambush.dk (Leif Andrew Rump) (10/27/89)

I've made a program that records time/date, size, attributes and CRC
(if wanted) on any file on a disk - making it impossible to infect
files undetected. But the program is version 0.0a at the time of
writing so I haven't implemented selective check, fast CRC (does
anybody out there have a fast CRC of files for TP5.5) and so on and so
on! 

I'll release it to PD as soon as possible - but do you have a function
that should go in BRITTA - that's the name of the girl who told me how
I should make the program - and so I did!

  Leif Andrew Rump, AmbraSoft A/S, Roejelskaer 15, DK-2840 Holte, Denmark
 UUCP: leif@ambra.dk, phone: +45 42424 111, touch phone: +45 42422 817+313

   > > > Why are tall Irish girls with red hair so wonderful ? ? ? < < <
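
Added example (not part of any post in this thread): a small Python version of the checker the posts describe, which records a CRC and size per file in an ASCII baseline and compares them on later runs. It shows why a size-only comparison misses an in-place change of the same length, the case raised for Lehigh and 405. The file names, baseline line format and dummy file contents are constructed for illustration.

```python
import os
import tempfile
import zlib


def crc32_of(path, chunk=65536):
    """CRC-32 of a file's contents, read in chunks."""
    crc = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            crc = zlib.crc32(block, crc)
    return crc & 0xFFFFFFFF


def record(paths, baseline):
    """Write one 'crc size name' line per file to the ASCII baseline file."""
    with open(baseline, "w") as out:
        for p in paths:
            out.write(f"{crc32_of(p):08x} {os.path.getsize(p)} {p}\n")


def check(baseline):
    """Return {path: status}: ok, size-changed, crc-changed or missing."""
    report = {}
    with open(baseline) as fh:
        for line in fh:
            crc_hex, size, path = line.rstrip("\n").split(" ", 2)
            if not os.path.exists(path):
                report[path] = "missing"
            elif os.path.getsize(path) != int(size):
                report[path] = "size-changed"
            elif crc32_of(path) != int(crc_hex, 16):
                report[path] = "crc-changed"  # same length, different content
            else:
                report[path] = "ok"
    return report


def demo():
    """Constructed sample: three dummy files, one overwritten, one grown."""
    d = tempfile.mkdtemp()
    files = {n: os.path.join(d, n) for n in ("A.COM", "B.EXE", "C.COM")}
    for p in files.values():
        with open(p, "wb") as fh:
            fh.write(b"\x90" * 512)
    base = os.path.join(d, "baseline.txt")
    record(files.values(), base)
    with open(files["B.EXE"], "r+b") as fh:  # overwrite 4 bytes, same length
        fh.seek(100)
        fh.write(b"\xeb\xfe\x00\x00")
    with open(files["C.COM"], "ab") as fh:   # append 64 bytes, file grows
        fh.write(b"\x00" * 64)
    report = check(base)
    return {name: report[path] for name, path in files.items()}
```

CRC-32 is an error-detecting code rather than a cryptographic hash, so a present-day checker would use SHA-256 in its place and keep the baseline file on write-protected media.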