[comp.virus] Details of Ogre, Dark Avenger, etc.

drsolly@ibmpcug.co.uk (Alan Solomon) (11/05/89)

There have been a number of people recently calling for information
about some of the newer viruses, like Ogre, and Dark Avenger.  What
follows are excerpts from the manual of a commercial product;  it's OK
for me to post this, as I wrote it and have the copyright!  I shan't
mention the name of the product, but I must apologise that the pages
of the manual do refer to various components of the product.  Where it
refers to Findvirus, please take this as meaning any virus scanning
program that knows about the virus in question;  when it refers to
Peeka, please take this as meaning any disk sector editor.  The
paragraph numbers are the chapter numbers in the manual.

I've taken the liberty of calling Ross Greenberg's discovery Fumble
instead of Typo, as there is already a Typo in the literature, and we
don't want two viruses with the same name.  Sorry, Ross.

If anyone finds any errors or significant omissions in these
descriptions, please respond via email or fax to me directly.

Finally, could I please lay one myth to rest.  Datacrime (called
Columbus day in the US) does the low level format on October 13th and
every day thereafter until December 31st.  It does this in versions
1168, 1280 (infective lengths) and Datacrime II.  It does NOT do
anything on October 12th, and Datacrime II does NOT go off on Jan 1 to
Oct 12th.  Datacrime II refrains from the format on Mondays.  The
whole October 12th thing was caused by a misunderstanding about dates,
picked up by the media and turned into a factoid.
The other important thing about Datacrime is that it is extremely
uncommon indeed. We have had no (zero, nil) cases in the UK, and I
know of only two cases in Holland.  Does anyone know of any
*confirmed*, definite, sightings? Apart from Fridrik's self-inflicted
accident, of course :-)

Dr Alan Solomon                Day voice:     +44 494 791900
S&S Anti Virus Group           Eve voice:     +44 494 724201
Water Meadow                   Fax:           +44 494 791602
Germain Street,                BBS:           +44 494 724946
Chesham,                       Fido node:     254/29
Bucks, HP5 1LP                 Usenet:        drsolly@ibmpcug.co.uk
England                        Gold:          83:JNL246
                               CIX, CONNECT   drsolly

[Ed. Because of the length of the excerpts, I've sent them to the
comp.virus documentation archive sites.  Access information will be
posted shortly.]