[comp.virus] TSR to catch Yankee Doodle needed

conslt13@zeus.unomaha.edu (Troy D. Taylor) (06/06/91)

I have a question for all the virus gurus out on the net.  The
computer rooms have been getting hit with Yankee Doodle and it is
fairly easy to clean, but it is evading our TSR that should stop
infected files from loading (Vshield77).  I would like to find
something like that to prevent the infected files from being loaded or
at least blow whistles and beep and flash if it does load an infected
file.

later and thanks
troy

/**********************************************************
*   Conslt13@zeus.unomaha.edu *  Conslt13@unoma1          *
*   Troy@zeus.unomaha.edu     *  Troy@unoma1              *
*   Dragon@odin.unomaha.edu   *                           *
**********************************************************/

AWOODHULL@hamp.hampshire.edu (Al Woodhull) (06/07/91)

> The  computer rooms have been getting hit with Yankee Doodle and it is
> fairly easy to clean, but it is evading our TSR that should stop
> infected files from loading (Vshield77).

	Yankee Doodle and Jerusalem are the only two viruses I have
had actual encounters with, and the situation is similar here: one or
more of my assembly language programming students reinfect files on
the LAN where MASM and Codeview are kept. I have been using VIRSTOP (a
TSR scanner) on my own system.
	VIRSTOP is fast and unobtrusive and is very reliable in
preventing execution of small .COM files infected with either of the
viruses that have been a problem here. But I find it doesn't always
find infected files. I should do a controlled test sometime, but I
have a subjective impression that when I do find one of my programs
infected it is always a large .EXE file, either ProComm or Emacs. I
can't imagine a scanner would be so limited as to be able to scan only
one 64K segment, but that would explain what I think I have seen. Can
anyone tell me if there are other reasons why a scanner might have
problems with a large .EXE file?
	I understand that VIRSTOP uses the same signature information
as McAfee's SCAN V68, so this could be relevant to the problem with
VSHIELD77.

! Albert S. Woodhull
! School of Natural Science, Hampshire College, Amherst, MA 01002
! tel: (413) 549-4600 ext 581
! awoodhull@hampvms.bitnet, awoodhull@hamp.hampshire.edu
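
An added illustration, not part of either post and not code from VIRSTOP, VSHIELD or SCAN: it models the hypothesis raised above, a scanner that examines only one 64K segment, next to one that streams the whole file with an overlap so a signature split across a chunk boundary is still matched. The signature bytes, sample files and function names are constructed for the example, and nothing here asserts how those products actually scan.

```python
import io

SEGMENT = 64 * 1024                        # size of one 8086 segment
SIGNATURE = b"\xDE\xC0\xAD\x0B\xEE\xF0"    # constructed marker, NOT a real virus signature

def scan_first_segment(stream, sig=SIGNATURE):
    """Hypothetical limited scanner: inspects only the first 64K of the file."""
    return sig in stream.read(SEGMENT)

def scan_whole_file(stream, sig=SIGNATURE, chunk=SEGMENT):
    """Stream the file chunk by chunk, carrying the last len(sig)-1 bytes
    forward so a signature straddling two chunks is not missed."""
    keep = len(sig) - 1
    tail = b""
    while True:
        block = stream.read(chunk)
        if not block:
            return False
        window = tail + block
        if sig in window:
            return True
        tail = window[-keep:] if keep else b""

def make_sample(size, sig_offset, sig=SIGNATURE):
    """Constructed sample: 'MZ' magic, zero padding, marker at sig_offset."""
    data = bytearray(size)
    data[0:2] = b"MZ"
    data[sig_offset:sig_offset + len(sig)] = sig
    return bytes(data)

# Constructed inputs: a small file, a large file with the marker near the end
# (where an appending infector would place its body), and a large file with
# the marker straddling the 64K boundary.
SAMPLES = {
    "small":    make_sample(2_000, 1_500),
    "large":    make_sample(150_000, 149_000),
    "straddle": make_sample(150_000, SEGMENT - 3),
}

def compare(samples=SAMPLES):
    """Return {name: (first_segment_hit, whole_file_hit)} for each sample."""
    return {name: (scan_first_segment(io.BytesIO(d)), scan_whole_file(io.BytesIO(d)))
            for name, d in samples.items()}

if __name__ == "__main__":
    for name, hits in compare().items():
        print(f"{name:9s} first-64K={hits[0]!s:5s} whole-file={hits[1]}")
```
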