aryehg@apple.com (Aryeh Goretsky) (04/18/91)
We've received a new variant of the Dark Avenger or "Eddie" virus
that is not picked up by the current version of SCAN. It has been
modified slightly to avoid detection, and all the text strings that
appear in the original Dark Avenger have been changed:
"Eat us !"
"<- Thanks to the Dark Avenger ->"
"(C) 1991 RABID International Development Corp! Scan String Killer Test"
(Quotes do not appear in the virus and are inserted for clarification)
The virus itself is a trivial variation, and will be incorporated
into the next release of SCAN and CLEAN. The virus can be detected
with the following scan string:
#Dark Avenger Virus Variant
"43 75 EF 74 19 2E A1 51" Rabid Avenger [DAV]
The virus can be removed by CLEAN, using the /EXT external virus data
file option as long as the [DAV] identification code is left intact to
tell it to remove it as the Dark Avenger virus. For example:
CLEAN C: /A /EXT davv.txt [DAV]
NOTE: We have had several reports that this virus is circulating in the
Toronto, Ontario (CANADA) area in a file named SHOWGIF or SHWGIF
which is a hacked copy of an older version of CSHOW
Aryeh Goretsky,Tech Sup.|voice (408) 988-3832 |INTERNET
McAfee Associates | fax (408) 970-9727 |aryehg@ozonebbs.uucp -OR-
4423 Cheeney Street | BBS (408) 988-4004 |aryehg@tacom-emh1.army.mil
Santa Clara, CA 95054 | UUCP apple!netcom!nusjecs!ozonebbs!aryehg
"Opinions expressed are my own and may not reflect those of my employer."