ACS1W@uhvax1.uh.edu (Meesh) (09/19/89)
I'm the editor of our university's computing newsletter. I need to know how users can detect the October 12/13 virus ahead of time. Is there a way at all? I don't want to alarm users, but I feel they should know about the possible existence of this problem. Thanks.

[Ed. In VIRUS-L volume 2 issue 192, Charles M. Preston <portal!cup.portal.com!cpreston@sun.com> states that a) Viruscan V36 can detect Datacrime and that b) Datacrime can be identified by the hex string EB00B40ECD21B4 (1168 version) or 00568DB43005CD21 (1280 version). Note that a hex string search can be done via the DEBUG 'S' command (e.g., "S CS:100 FFFF hex_string" at the DEBUG prompt), if my memory of MS-DOS is correct.]

Michelle Gardner
Coordinator, Information Services
Information Technology
University of Houston
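
The hex-string search described in the editor's note, generalized from one DEBUG memory segment to whole files of any size. This is an added example, not part of the original posts; the function names and the sample bytes are constructed for illustration, and only the two signatures come from the note. A hit means those bytes are present in the file, nothing more.

```python
import io

# Hex strings quoted in the editor's note above (the only values taken from the thread).
SIGNATURES = {
    "Datacrime (1168 version)": bytes.fromhex("EB00B40ECD21B4"),
    "Datacrime (1280 version)": bytes.fromhex("00568DB43005CD21"),
}


def scan_stream(stream, chunk_size=64 * 1024):
    """Return sorted (offset, name) hits for every signature in a binary stream.

    The stream is read in chunks; the last (longest signature - 1) bytes are
    carried over so a signature that straddles a chunk boundary is still found.
    """
    overlap = max(len(sig) for sig in SIGNATURES.values()) - 1
    hits = set()   # a set, because a short signature can sit wholly inside the carry-over
    tail = b""
    base = 0       # file offset of the first byte of the current search window
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, sig in SIGNATURES.items():
            pos = window.find(sig)
            while pos != -1:
                hits.add((base + pos, name))
                pos = window.find(sig, pos + 1)
        keep = min(overlap, len(window))
        tail = window[len(window) - keep:]
        base += len(window) - keep
    return sorted(hits)


def scan_file(path, chunk_size=64 * 1024):
    """Scan one file on disk, e.g. a .COM file copied from the suspect machine."""
    with open(path, "rb") as fh:
        return scan_stream(fh, chunk_size)


if __name__ == "__main__":
    # Constructed sample: filler bytes around one signature, with a tiny chunk
    # size so the match is forced across several chunk boundaries.
    sample = b"\x90" * 10 + SIGNATURES["Datacrime (1168 version)"] + b"\x00" * 5
    for offset, name in scan_stream(io.BytesIO(sample), chunk_size=4):
        print(f"{name} at offset 0x{offset:X}")
```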
hollombe%sdcsvax@ucsd.edu (The Polymath) (09/21/89)
In article <0003.8909191146.AA07427@ge.sei.cmu.edu> ACS1W@uhvax1.uh.edu (Meesh) writes:
}I'm the editor of our university's computing newsletter. I need to
}know how users can detect the October 12/13 virus ahead of time. Is
}there a way at all? ...

How about backing up the hard disk, then setting the system date ahead to October 13 and re-booting?

[Ed. Sounds (to me) kind of like testing to see if the mines in an inert minefield are "ert" by having someone walk through it. :-)]

--
The Polymath (aka: Jerry Hollombe, hollombe@ttidca.tti.com)  Illegitimis non
Citicorp(+)TTI                                                 Carborundum
3100 Ocean Park Blvd.   (213) 452-9191, x2483
Santa Monica, CA  90405 {csun|philabs|psivax}!ttidca!hollombe
hollombe%sdcsvax@ucsd.edu (The Polymath) (09/27/89)
In article <0006.8909251230.AA29228@ge.sei.cmu.edu> ttidca.TTI.COM!hollombe%sdcsvax@ucsd.edu (The Polymath) writes:
}}I'm the editor of our university's computing newsletter. I need to
}}know how users can detect the October 12/13 virus ahead of time. Is
}}there a way at all? ...
}
}How about backing up the hard disk, then setting the system date ahead to
}October 13 and re-booting?

Since posting this, I've been advised that some viruses are designed to detect and avoid this test. They do so by keeping track of date increments to make sure they occur one day at a time. Typically, they store a week's worth of dates, possibly more. Assuming a one week buffer, you'd have to implement the sequence "increment date, re-boot, run infected program" at least 8 times to bypass such a check.

It's getting nasty out there.

}[Ed. Sounds (to me) kind of like testing to see if the mines in an
}inert minefield are "ert" by having someone walk through it. :-)]

I did say to back up the hard drive first. That way you can resurrect your mine tester if it happens to step on an "ert" mine. (-:

The Polymath (aka: Jerry Hollombe, hollombe@ttidca.tti.com)  Illegitimis non
Citicorp(+)TTI                                                 Carborundum
3100 Ocean Park Blvd.   (213) 452-9191, x2483
Santa Monica, CA  90405 {csun|philabs|psivax}!ttidca!hollombe