[comp.virus] Virus signatures

COS99284%UFRJ.BITNET@VMA.CC.CMU.EDU (Luiz Felipe Perrone) (09/27/89)

   A few weeks ago I received one VIRUS-L digest (unfortunately I do not
remember which one) which had the signatures of two versions of the
Datacrime virus. I happened to lose the listings and to make matters worse
I found out I also had discarded the digest from my mailbox. I wonder if
someone could send me these signatures as soon as possible and also show me
an effective way to look for them on my hard disk.

As a matter of fact it would be of great help to receive all the known
virus signatures, although I guess I might be asking too much.

   I study at COPPE/UFRJ in Rio de Janeiro and a couple of months ago all
this fuss about computer viruses was like Science Fiction for me. I had never
seen any kind of it, and thought that it would take a long time before I had
any trouble with them. In Brazil there are no networks like CompuServe, The
Source, PCMagnet, etc. so I thought that the "problems" that affect Europe or
North America couldn't reach us so fast for they would not be downloaded.

   But I was quite wrong. About two months ago I saw Bouncing-ball and JV
infect the whole Lab in which I work. And worse than that: they have got to
my hard disk. After running a program that kills BB and JV I ran Norton
Utilities to look for the string "sUMsDos" and it found four instances of it.
I still do not know if they belong to sectors in use by .EXE or .COM files but
I must say I'm worried. There is a strong possibility that other evil creatures
lurk in my system just waiting for the day to come up and make a big mess.
I would be very grateful if someone could help me to make a list of methods to
take these orcs out from our hard disks and develop anti-virus programs.

I have appreciated the help contained in the VIRUS-L digests but sometimes
I feel I have missed a lot of the basic information.

[Ed. From an earlier editorial comment (v2i195):

In VIRUS-L volume 2 issue 192, Charles M. Preston
<portal!cup.portal.com!cpreston@sun.com> states that a) Viruscan V36
can detect Datacrime and that b) Datacrime can be identified by the
hex string EB00B40ECD21B4 (1168 version) or 00568DB43005CD21 (1280
version).  Note that a hex string search can be done via the DEBUG 'S'
command (e.g., "S CS:100 FFFF hex_string" at the DEBUG prompt), if my
memory of MS-DOS is correct.
]
                       Thanks a lot and greetings from Brazil

                         Luiz Felipe Perrone
                         COS99284@UFRJ   -   Bitnet
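
The following added example is not part of the original post or the digest. It searches .COM and .EXE files for the two Datacrime hex strings quoted in the editorial note, reading each file in chunks with an overlap so a match split across two reads is still found; the function names, chunk size and sample file are assumptions made for illustration.

```python
import os
import tempfile

# Hex strings quoted in the editorial note above.
SIGNATURES = {
    "Datacrime (1168 version)": bytes.fromhex("EB00B40ECD21B4"),
    "Datacrime (1280 version)": bytes.fromhex("00568DB43005CD21"),
}

def scan_file(path, signatures=SIGNATURES, chunk_size=64 * 1024):
    """Return sorted (offset, name) pairs for every signature match in path."""
    overlap = max(len(s) for s in signatures.values()) - 1
    hits, tail, base = set(), b"", 0   # base = file offset of buf[0]
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            buf = tail + chunk
            for name, sig in signatures.items():
                pos = buf.find(sig)
                while pos != -1:
                    hits.add((base + pos, name))   # set: overlap may re-find a hit
                    pos = buf.find(sig, pos + 1)
            # Keep the last bytes so a match split across two reads is still seen.
            tail = buf[-overlap:] if overlap else b""
            base += len(buf) - len(tail)
    return sorted(hits)

def scan_tree(root, extensions=(".com", ".exe")):
    """Scan program files under root; return {path: hits} for files with matches."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(extensions):
                path = os.path.join(dirpath, fname)
                if hits := scan_file(path):
                    report[path] = hits
    return report

def demo():
    """Constructed sample: filler bytes with one signature planted at offset 13."""
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "SAMPLE.COM")
        with open(path, "wb") as fh:
            fh.write(b"\x90" * 13 + SIGNATURES["Datacrime (1280 version)"] + b"\x90" * 40)
        # chunk_size=16 forces the 8-byte match (offsets 13..20) across two reads.
        return scan_file(path, chunk_size=16)

if __name__ == "__main__":
    print(demo())
```

A hit on a 7- or 8-byte string is a lead to investigate, not proof of infection, since short patterns can occur by chance in clean files.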