frisk@RHI.HI.IS (Fridrik Skulason) (06/20/91)
I have uploaded to SIMTEL20:

pd1:<msdos.trojan-pro>
FPROT116.ZIP    Virus detection/removal/prevention/information

Version 1.16 adds the following features:

Detection, but not disinfection of 27 new viruses:

    200
    268-plus
    483
    Bad Boy
    Cascade - 2 new variants: Formiche and JoJo-1703
    Darth Vader (4 variants)
    Diamond - 4 new variants: Damage, Damage-B, David and Greemlin
    Eddie - new variant: MIR
    Fingers 08/15
    Hero
    Leech
    Murphy - 4 variants: Cemetery, Kamasya, Migram-1 and Migram-2
    Stardot
    Swiss-143
    VCS 1.0
    Warrior
    Witcode

Detection and removal of 85 new viruses:

    1024-PrScr
    1575-B (alias 'Greencat-2')
    Backtime
    Bljec - 7 variants: Bljec-3, Blec-4, Bljec-5, Bljec-6, Bljec-7, Bljec-8, Bljec-9
    Boys
    CARA
    Casino
    Cinderella
    Demon (overwriting)
    Diamond - new variant: Lucifer
    Eddie - 4 new variants: 1028, 1801, Apocalypse-2 and Zeleng
    ETC
    Frog
    Horse (alias 'Naughty Hacker') - 8 variants: Horse-1, Horse-2, Horse-2B, Horse-3, Horse-4, Horse-5, Horse-6, Horse-7
    Incom
    Jerusalem - 6 new variants: Apocalypse, Carfield, Discom, GP1, Phenome and Skism
    Keypress-1228
    Kiev-483
    Little Pieces
    Magnitogorsk - new variant: 2048
    MG - new variant: MG-1A
    Minimal-30
    Murphy - 11 new variants: AntiChrist, Diabolik, Erasmus, Finger, Goblin, Guru, Murphy-3, Murphy-4, Pest, Smack-1835 and Smack-1841
    Mutant - 3 variants
    Old Yankee - new variant: Bandit
    PcVrsDs
    Pixel - 11 new variants: 257, 275, 283, 295, 779, 837, 850, 854, 877, 892, 936
    Raubkopi
    Sparse
    Striker #1
    Sylvia-B (previously identified as Sylvia)
    Tequila
    Tumen - 2 variants: 0.5 and 2.0
    USSR-311
    Vienna - 2 new variants: Arf and Vienna-645
    WWT - 2 variants: WWT-01 and WWT-02 (overwriting)
    Yaunch (alias 'Wench')
    Yukon (overwriting)
    ZK-900

Disinfection of the following viruses, which were detected in earlier versions:

    Faust (alias Chaos) (previously called 'Spyer')
    Form

The following names have been changed, in an attempt to reduce the incredible confusion in the virus naming area.

    1075     --> DBF blank
    June 4th --> Bloody!
    Spyer    --> Faust
    Turku    --> Keypress

The following bugs/problems have been fixed:

    The signature for the 1049 virus has been changed, as it could cause false alarm in the 386COM.SYS file.

    F-FCHK would not detect all the possible mutations of the Whale virus in .COM files, although all infected .EXE files were found. This has been corrected.

    Occasional very long delays when some programs, such as SORT.EXE in DOS 4.0 were run have been eliminated.

    F-OSCHK will now correctly handle the case where a checksum evaluates to 0, as 0 previously meant "ignore". Instead the string ----- is now used when a checksum should be ignored.

    When F-DRIVER and F-NET were in use, Novell "execute-only" programs could sometimes not be executed. This has been corrected.

    F-DRIVER would on some computers fail to detect some boot sector viruses if it was loaded into high memory (above 640K). This has been corrected - LOADHI etc should now work without problems.

F-FCHK will now indicate if a program has been compressed by DIET 1.10, ICE 1.01 or EXEPACK. This warning only indicates that a virus could possibly have been hidden in the program before it was packed - not that anything appears to be wrong.

A new file has been added with information on Trojans and "Joke" programs, often found in virus collections. Those programs are not a threat like viruses - but some of my competitors detect them, so....

/QUERY switch added to F-FCHK. If it is used, F-FCHK will ask if it should disinfect any infected files - this used to be the default.

A conflict has been reported between F-DRIVER and Desqview, and I am trying to determine if a problem exists.

-frisk
frisk@rhi.hi.is
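
The F-OSCHK fix listed above (a checksum of 0 used to mean "ignore") shown as an added example; it is not part of the original post and not F-PROT code. The 16-bit additive checksum, the hex field format, the function names and the sample bytes are all assumptions made for illustration.

```python
# Added illustration of an in-band "ignore" sentinel in an integrity checker.
# Not F-PROT code: checksum algorithm, field format and names are assumptions.

IGNORE = "-----"  # out-of-band marker named in the release note


def checksum16(data: bytes) -> int:
    """Toy 16-bit additive checksum (the real algorithm is not given in the post)."""
    return sum(data) & 0xFFFF


def verify_old(recorded: int, data: bytes) -> str:
    """Old behaviour as described: a recorded value of 0 means 'ignore this file'."""
    if recorded == 0:
        return "skipped"  # also hit when the file's true checksum is 0
    return "ok" if checksum16(data) == recorded else "MODIFIED"


def parse_field(field: str):
    """New behaviour: only '-----' means ignore; '0000' is an ordinary checksum."""
    return None if field == IGNORE else int(field, 16)


def verify_new(field: str, data: bytes) -> str:
    recorded = parse_field(field)
    if recorded is None:
        return "skipped"
    return "ok" if checksum16(data) == recorded else "MODIFIED"


# Constructed sample: 257 bytes of 0xFF plus 0x01 sum to 65536, so the
# baseline checksum wraps to exactly 0. TAMPERED appends one extra byte.
BASELINE = b"\xff" * 257 + b"\x01"
TAMPERED = BASELINE + b"\x90"

if __name__ == "__main__":
    recorded = checksum16(BASELINE)            # 0: collides with the old sentinel
    print("old:", verify_old(recorded, TAMPERED))
    print("new:", verify_new(f"{recorded:04X}", TAMPERED))
    print("new, explicit ignore:", verify_new(IGNORE, TAMPERED))
```
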