p1@rlyeh.wimsey.bc.ca (Rob Slade) (12/08/90)
I tend to use Word Perfect's "Files List" feature to move files around on the disk, and to make up floppies. I was doing just that, when I got a message that I had been "running an infected file. PREVENT1 has removed the infection." This was a little odd, since Word Perfect is one of the commercial programs that does it's own self check. Not proof against a stealth virus, of course, but still, it would be an unlikely candidate for infection. PREVENT1 had dumped me back at the DOS prompt, so I did a quick F-SYSCHK. Nothing. I F-FCHKed, SCANned and VPCSCANned the WP51 directory, with no results. (VPCSCAN is the scanning portion of Virex-PC, written by Ross Greenburg of Flu-Shot fame. Let me say in passing that it is *FAST*.) Then I got to thinking. One of the files I had been trying to delete was a .COM file. So I tried it again. Same result. I tried deleting a few other types of files. No problems with anything but a .COM or an .EXE. I got sneaky and renamed MOVE.COM to MOVE.TXT. PREVENT1 didn't like that either, so it's pretty sneaky itself. PREVENT1 does not interfere with PCTOOLS deletion of program files, and I don't know what the difference would be, although I assume PCTOOLS would use a "deeper" call to do it's deletions than WP would. So Antivirus Plus is making some assumptions, generally valid, about what some programs should be doing with other program files. A way to catch unknown viri, perhaps, but it may interfere with operations you want to do if, like me, you use programs for things they were never meant to do. :)