roberts@uunet.UU.NET (Robert Stanley) (01/09/91)
Dear Virus-L moderator, With reference to the report of a possible virus in QEMM-386 v5.1, this is not a virus. I have already passed the enclosed information through to the comp.sys.ibm.pc.digest moderator where this report first surfaced on the Internet/Usenet. I have been in touch with Quarterdeck Office Systems because we make extensive use of QEMM-386 in our development environment, and received the following FAX from them. ======================= Start of FAX ============================= Dear Mr. Stanley, Thanks for forwarding the FidoNet message. We will see if we can crawl on FidoNet and set the record strait (sic). For the record, the byte string "EA F0 FF 00 F0" can indeed be found in the OPTIMIZE.EXE and INSTALL.EXE as well as QEMM386.SYS. That code is JMP F000:FFF0. It is the way that we reboot the system. It is an intentional part of our code, not the result of a virus. While rebooting the system is something a virus might do, having this code in your program certainly does not make you a virus. If this is the signature some virus scan program is using to detect the 648 virus, it would seem they need to devise a more discriminating test. Please be assured that our programs are produced under highly controlled circumstances and that great care is taken throughout our organization with respect to virus infection. We are confident that none of the products we have ever shipped have contained viruses. Of course, our disk, like any unprotected diskette is subject to infection by a virus when it is installed on a machine which already carries a virus. If you are concerned about this, you should obtain and run one of the many good virus detection programs, but again, the report you forwarded does not indicate a virus. Hopefully, all of this helps you breath easier. Stan Young Technical Support ======================== End of FAX ============================== We had no evidence of a virus on any of our systems, but I thought I ought to inform them of this report. I have informed Quarterdeck that I am forwarding their reply to you. I believe that you should publish this information as soon as possible, to allay fears that may have been started by the wide dissemination of the original report. If you wish to cross-check my information before publishing it (I, too, could be a malicious prankster), Quarterdeck's standard phone line is (213) 392-9851, and their technical support line is (213) 392-9701. I have no connection with Quarterdeck other than as an extremely satisfied user of QEMM-386. Robert_S - -- Robert Stanley UUCP: uunet!mitel!cunews!cognos!roberts | 3755 Riverside Driv e Cognos, Inc. INet: roberts%cognos.uucp@ccs.carleton.ca | PO Box 9707, Ottawa (Research) Alice: (613) 738-1338 x6115 (EST/EDT) | Ont K1G 3Z4, Canad a [I haven't really lost my mind, I'm sure I have a backup on tape somewhere.]