Alan_J_Roberts@Sun.COM (09/18/89)
I though the following message on HomeBase from John McAfee might be of
interest:
We have received a new encrypting .COM infector from Dave Chess at
IBM and have updated the VIRUSCAN program to be able to identify it.
Please download SCANV37.ARC and replace your current version of SCAN.
We are trying to find out how widespread this virus may be, so if
anyone identifies this virus using SCAN, please contact us
immediately. We know little about this virus as yet, but three
volunteers are currently analyzing it. We should have a report by the
21st. The only indications so far are: It increases the size of
infected COM files by 3555 bytes; It is able to infect COMMAND.COM; it
has a 50 byte encryption routine, similar to DATACRIME II; It infects
COM files at the time that the infected program is loaded - it does
not appear to be memory resident; It sometimes cause the message -
"Error Writing to Device AUX1" to occur at the time an infected
program is executed. We have no indication of activation date or
function at this time. Again PLEASE contact the board if SCAN
displays the message - "Found 3555 virus".
Thanks. John