[comp.binaries.ibm.pc.d] FPROT116.ZIP - Virus detection/removal/prevention/information

frisk@RHI.HI.IS (Fridrik Skulason) (06/20/91)

I have uploaded to SIMTEL20:

pd1:<msdos.trojan-pro>
FPROT116.ZIP    Virus detection/removal/prevention/information

Version 1.16 adds the following features:

	Detection, but not disinfection of 27 new viruses:

		200
		268-plus
		483
		Bad Boy
		Cascade - 2 new variants: Formiche and JoJo-1703
		Darth Vader (4 variants)
		Diamond - 4 new variants: Damage, Damage-B, David and Greemlin
		Eddie - new variant: MIR
		Fingers 08/15
		Hero
		Leech
		Murphy - 4 variants: Cemetery, Kamasya, Migram-1 and Migram-2
		Stardot
		Swiss-143
		VCS 1.0
		Warrior
		Witcode

	Detection and removal of 85 new viruses:

		1024-PrScr
		1575-B (alias 'Greencat-2')
		Backtime
		Bljec - 7 variants: Bljec-3, Bljec-4, Bljec-5, Bljec-6,
			Bljec-7, Bljec-8, Bljec-9
		Boys
		CARA
		Casino
		Cinderella
		Demon (overwriting)
		Diamond - new variant: Lucifer
		Eddie - 4 new variants: 1028, 1801, Apocalypse-2 and Zeleng
		ETC
		Frog
		Horse (alias 'Naughty Hacker') - 8 variants: Horse-1, Horse-2,
			Horse-2B, Horse-3, Horse-4, Horse-5, Horse-6, Horse-7
		Incom
		Jerusalem - 6 new variants: Apocalypse, Carfield, Discom,
			GP1, Phenome and Skism
		Keypress-1228
		Kiev-483
		Little Pieces
		Magnitogorsk - new variant: 2048
		MG - new variant: MG-1A
		Minimal-30
		Murphy - 11 new variants: AntiChrist, Diabolik, Erasmus,
			Finger, Goblin, Guru, Murphy-3, Murphy-4, Pest,
			Smack-1835 and Smack-1841
		Mutant - 3 variants
		Old Yankee - new variant: Bandit
		PcVrsDs
		Pixel - 11 new variants: 257, 275, 283, 295, 779, 837,
			850, 854, 877, 892, 936
		Raubkopi
		Sparse
		Striker #1
		Sylvia-B (previously identified as Sylvia)
		Tequila
		Tumen - 2 variants: 0.5 and 2.0
		USSR-311
		Vienna - 2 new variants: Arf and Vienna-645
		WWT - 2 variants: WWT-01 and WWT-02 (overwriting)
		Yaunch (alias 'Wench')
		Yukon (overwriting)
		ZK-900

	Disinfection of the following viruses, which were detected in
	earlier versions:

		Faust (alias Chaos) (previously called 'Spyer')
		Form

	The following names have been changed, in an attempt to reduce
	the incredible confusion in the virus naming area.

		1075 --> DBF blank
		June 4th --> Bloody!
		Spyer --> Faust
		Turku --> Keypress

	The following bugs/problems have been fixed:

		The signature for the 1049 virus has been changed, as it
		could cause a false alarm in the 386COM.SYS file.

		F-FCHK would not detect all the possible mutations of
		the Whale virus in .COM files, although all infected
		.EXE files were found.  This has been corrected.

		Occasional very long delays when some programs, such as
		SORT.EXE in DOS 4.0, were run have been eliminated.

		F-OSCHK will now correctly handle the case where a
		checksum evaluates to 0, as 0 previously meant "ignore".
		Instead the string ----- is now used when a checksum
		should be ignored.

		When F-DRIVER and F-NET were in use, Novell "execute-only"
		programs could sometimes not be executed.  This has
		been corrected.

		F-DRIVER would on some computers fail to detect some boot
		sector viruses if it was loaded into high memory (above
		640K).  This has been corrected - LOADHI etc. should now
		work without problems.

	F-FCHK will now indicate if a program has been compressed by
	DIET 1.10, ICE 1.01 or EXEPACK.  This warning only indicates that
	a virus could possibly have been hidden in the program before it
	was packed - not that anything appears to be wrong.

	A new file has been added with information on Trojans and "Joke"
	programs, often found in virus collections.  Those programs are
	not a threat like viruses - but some of my competitors detect
	them, so....

	/QUERY switch added to F-FCHK.  If it is used, F-FCHK will ask if
	it should disinfect any infected files - this used to be the
	default.

	A conflict has been reported between F-DRIVER and Desqview, and
	I am trying to determine if a problem exists.

-frisk
frisk@rhi.hi.is
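
The F-OSCHK fix described in the post (a checksum of 0 no longer doubling as "ignore") is an in-band sentinel problem. The following is an added illustration, not code from F-PROT or from the post: the 16-bit additive checksum, the 4-hex-digit record form and all function names are assumptions; only the ----- marker comes from the announcement.

```python
# Added illustration; the record format and checksum are assumptions,
# not F-OSCHK's actual file format or algorithm.
IGNORE = "-----"          # out-of-band marker named in the announcement

def checksum16(data: bytes) -> int:
    """Toy 16-bit additive checksum (stand-in for the real algorithm)."""
    return sum(data) & 0xFFFF

def make_record(data: bytes, ignore: bool = False) -> str:
    """Stored form: 4 hex digits, or the marker when the file is exempt."""
    return IGNORE if ignore else f"{checksum16(data):04X}"

def verify_legacy(stored: int, data: bytes) -> str:
    """Pre-fix behaviour: the value 0 doubles as the 'ignore' flag."""
    if stored == 0:
        return "ignored"
    return "ok" if stored == checksum16(data) else "CHANGED"

def verify_fixed(stored: str, data: bytes) -> str:
    """Post-fix behaviour: only the non-numeric marker means 'ignore'."""
    if stored == IGNORE:
        return "ignored"
    return "ok" if int(stored, 16) == checksum16(data) else "CHANGED"

# Constructed sample: 256 bytes of 0xFF plus 256 bytes of 0x01 sum to
# 65536, which truncates to a legitimate checksum of 0x0000.
ORIGINAL = b"\xff" * 256 + b"\x01" * 256
TAMPERED = ORIGINAL[:-1] + b"\x02"      # one byte altered after baselining

def demo() -> dict:
    legacy_baseline = checksum16(ORIGINAL)   # 0, collides with the flag
    fixed_baseline = make_record(ORIGINAL)   # "0000", a real checksum
    return {
        # The legacy check skips the file, so the change goes unreported.
        "legacy": verify_legacy(legacy_baseline, TAMPERED),
        # With the marker out of band, 0 is compared like any other value.
        "fixed": verify_fixed(fixed_baseline, TAMPERED),
        # Deliberately exempt files are still skipped.
        "exempt": verify_fixed(make_record(b"", ignore=True), TAMPERED),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:7s} {result}")
```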