Alan_J_Roberts%Sun.COM@vma.cc.cmu.edu (11/19/89)
The EAGLE.EXE virus reported by Wakeem Rashad was not detected by
SCAN because the Jerusalem Virus (and the trojan it was attached to)
had been purposely compressed into a self extracting EXE file by a
program called AXE (from SEA Systems, Wayne, NJ). This program has
been used by a number of crackers to try to plant infected software
onto bulletin board systems. There is unfortunately little that can
be done to detect viruses in these AXE'd EXE files. The virus will be
caught as soon as it attempts to spread, since the next file it
attaches to will be infected in the normal manner. It would be
possible to screen out all AXE'd files, but that would be detrimental
to the legitimate use of AXE by original program authors who wish to
decrease the size of their executable modules.
If you have run one of these self extracting programs and suspect
a virus, run SCAN with the /M option to search for it in memory.
Alan