huangcm@iris.ucdavis.edu (Christina M. Huang) (07/21/89)
I ran VIRUSCAN Version 0.3V27 on some virus infected programs. The following are the ones that it positively identified: Italian (Ping Pong) Den Zuk Jerusalem Pakistani Brain 1701/1704 (Cascade) Alameda Lehigh Vienna (DOS62) April First Icelandic Fu Manchu Traceback Datacrime (1280/116B) - -CH
kelly@uts.amdahl.com (Kelly Goen) (07/24/89)
Last week someone asked for inputs about the VIRUSCAN program and
whether or not it had actually identified any viruses. The
following log is an actual log by VIRUSCAN against viruses I have
collected for taxonomy purposes. VIRUSCAN correctly identified
the Virus and strain involved. At present in the log are the
strains of EXE and com infectors I have gathered and will be
testing the boot and partition infectors sometime this week. I
would be interested on anyone elses's inputs that might have
samples of strains that I have not yet tested.
EXE AND COM INFECTORS:
Scanning for 27 viruses.
Scanning boot sectorFECTED\1704.COM
Found 1701/1704 Virus - Version B
Scanning D:\VIRUS\INFECTED\SARATOGA.EXE
Found Saratoga/Icelandic Virus
Scanning D:\VIRUS\INFECTED\ICELANDI.EXE
Found Saratoga/Icelandic Virus
Scanning D:\VIRUS\INFECTED\1168.COM
Found 1168 Virus
Scanning D:\VIRUS\INFECTED\1280.COM
Found 1280 Virus
Scanning D:\VIRUS\INFECTED\1701.COM
Found 1701/1704 Virus - Version B
Scanning D:\VIRUS\INFECTED\1704-B.COM
Found 1701/1704 Virus - Version B
Scanning D:\VIRUS\INFECTED\1704-C.COM
Found 1701/1704 Virus - Version C
Scanning D:\VIRUS\INFECTED\ATTRIB.EXE
Found Jerusalem Virus - Version B
Scanning D:\VIRUS\INFECTED\JRVIR-C.COM
Found Jerusalem Virus - Version B
Scanning D:\VIRUS\INFECTED\JRVIRUS.COM
Found Jerusalem Virus - Version A
More? ( H = Help )NFECTED\NUMOFF.COM
Found Jerusalem Virus - Version A
Scanning D:\VIRUS\INFECTED\DOS62.COM
Found Vienna (DOS 62) Virus - Version A
Scanning D:\VIRUS\INFECTED\FUMANCHU.COM
Found Fu Manchu Virus - Version A
Scanning D:\VIRUS\INFECTED\SURIV01.COM
Found April First Virus - Version C
! Scanning D:\VIRUS\INFECTED\SURIV02.EXE
Found Jerusalem Virus - Version D
Scanning D:\VIRUS\INFECTED\SURIV03.COM
Found Jerusalem Virus - Version E
Scanning D:\VIRUS\INFECTED\INFECTED\1280.COM
Found 1280 Virus
Scanning D:\VIRUS\INFECTED\I2\1168.COM
Found 1168 Virus
Scanning D:\VIRUS\INFECTED\I2\1280.COM
Found 1280 Virus
Scanning D:\VIRUS\INFECTED\I2\1701.COM
Found 1701/1704 Virus - Version B
Scanning D:\VIRUS\INFECTED\I2\1704-B.COM
Found 1701/1704 Virus - Version B
Scanning D:\VIRUS\INFECTED\I2\1704-C.COM
Found 1701/1704 Virus - Version C
More? ( H = Help )NFECTED\I2\1704.COM
Found 1701/1704 Virus - Version B
Scanning D:\VIRUS\INFECTED\I2\1704FRMT.COM
Found 1701/1704 Virus - Version C
Scanning D:\VIRUS\INFECTED\I2\DOS62.COM
Found Vienna (DOS 62) Virus - Version A
Scanning D:\VIRUS\INFECTED\I2\FUMANCHU.COM
Found Fu Manchu Virus - Version A
Scanning D:\VIRUS\INFECTED\I2\ICELANDI.EXE
Found Saratoga/Icelandic Virus
Scanning D:\VIRUS\INFECTED\I2\JRVIR-C.COM
Found Jerusalem Virus - Version B
Scanning D:\VIRUS\INFECTED\I2\JRVIRUS.COM
Found Jerusalem Virus - Version A
Scanning D:\VIRUS\INFECTED\I2\SARATOGA.EXE
Found Saratoga/Icelandic Virus
Scanning D:\VIRUS\INFECTED\I2\SURIV01.COM
Found April First Virus - Version C
Scanning D:\VIRUS\INFECTED\I2\SURIV02.EXE
Found Jerusalem Virus - Version D
Scanning D:\VIRUS\INFECTED\I2\SURIV03.COM
Found Jerusalem Virus - Version E
Scanning D:\VIRUS\INFECTED\I2\TRACEBCK.COM
Found 3066 (Traceback) Virus
More? ( H = Help )RUS.LIB\V3.COM
Found Jerusalem Virus - Version A
Disk D: contains 81 directories and 1466 files.
36 files contain viruses.
This list was edited to eliminate a lot of intermediate output...
information proprietary to my system... The test system is a NEC
PROSPEED 386 Laptop at MS-DOS Level 3.3 .with Quarterdecks
2.25/386 multitasking system. The disk size was a 32 meg
partition running on a 100mb disk.
I will be running the series of tests for boot sector infectors
and partition table infectors later this week and will post those
results then.
cheers
kelly
p.s. I think this should settle any doubts
DISCLAIMER: The views expressed above are not those of AMDAHL
Corp. who has generously provided e-mail facilities or those of
ONSITE CONSULTING... they do represent the views of Cybernetic
Systems Specialists Inc. A CVIA Member... No warranty is
expressed implied or granted in any fashion what so ever...
However The VIRUSCAN program was tested against LIVE viral
programs and it did correctly identify what I have in my archives
to this date..cth_co@tekno.chalmers.se (CHRISTER OLSSON) (07/26/89)
I tested VIRUSCAN but it can't found 1701/1704 (Cascade) virus in files with EXE-extension. If you rename a COM-file to an EXE-file, the 1701 virus infected the file but VIRUSCAN don't check the file because VIRUSCAN only search COM-files for the 1701/1704 (Cascade) -virus.
kelly@uts.amdahl.com (Kelly Goen) (07/28/89)
In article <0005.8907261137.AA08543@ge.sei.cmu.edu>, cth_co@tekno.chalmers.se ( CHRISTER OLSSON) writes: > I tested VIRUSCAN but it can't found 1701/1704 (Cascade) virus in files > with EXE-extension. If you rename a COM-file to an EXE-file, the 1701 > virus infected the file but VIRUSCAN don't check the file because > VIRUSCAN only search COM-files for the 1701/1704 (Cascade) -virus. According to john McAfee at homebase and my own research the 1701 and 1704 viruses are COM infectors only at this point... not exe!!! hope this clears up any misconceptions cheers kelly