[comp.sys.ibm.pc.misc] Virus Warning!

dr.warren@pro-graphics.cts.com (Warren Lieuallen) (12/15/90)

   I've had a computer for years, and thought right along with everybody
else that all this virus hoopla was way overblown by the media.  Well,
lo and behold, I just got "bitten" by the Jerusalem virus last week.
Managed to recover nicely, thanks to the Scan program, but thought I'd
pass around the word that viruses are apparently still alive and well.
Don't know the precise source of this one, but strongly suspect a shared
computer at work, which has had several pirated games added to it in
the last few weeks (not by me, so don't send nasty replies!).  Viruses
planted in pirated stuff is ironic justice, but the innocent also
suffer.
========================Pro-Graphics BBS @ (908)469-0049=======================
  Dr. Warren G. Lieuallen      Internet: dr.warren@pro-graphics.cts.com
  93 Windy Willow Way              UUCP: crash!pro-graphics!dr.warren
  Branchburg, NJ  08876            ARPA: crash!pro-graphics!dr.warren@nosc.mil
======"Imagination is more important than knowledge." -- Albert Einstein=======

hp0p+@andrew.cmu.edu (Hokkun Pang) (12/15/90)

pardon my ignorance, but is it possible that computer virus can be implanted
into non exe/com files? I have been checking all my incoming *.exe and *.com
files. I wonder if I should have been checking files of other formats too?

crjones@eecs.wsu.edu (Craig Jones - grad student) (12/16/90)

In article 4171 of comp.sys.ibm.pc.misc:
dr.warren@pro-graphics.cts.com (Warren Lieuallen) writes:

|Subject: Virus Warning!
|Message-ID: <6336@crash.cts.com>
|Date: 15 Dec 90 02:56:19 GMT
|
|   I've had a computer for years, and thought right along with everybody
|else that all this virus hoopla was way overblown by the media.  Well,
|lo and behold, I just got "bitten" by the Jerusalem virus last week.
|Managed to recover nicely, thanks to the Scan program, but thought I'd
|pass around the word that viruses are apparently still alive and well.
|Don't know the precise source of this one, but strongly suspect a shared
|computer at work, which has had several pirated games added to it in
|the last few weeks (not by me, so don't send nasty replies!).  Viruses
|planted in pirated stuff is ironic justice, but the innocent also
|suffer.
|

I'm a supervisory teaching assistant for an introductory computer course
serving approx. 900 business students each semester.  We have the students
do some basic assignments in word processing, spreadsheets, and relational
databases using ancient PCs with TWO FLOPPY drives only (i.e. no hard drives).
Somehow these people manage to collect all sorts of viruses each semester.
From the visits that my TAs and I have from students with crippled/infected
disks I would hazard a guess that maybe 40% of the 900 pick up some sort
of virus during the semester -- whether they know it or not.

Moral of story:  People who write viruses are geeks
                                 -and-
                 You can't be too careful.  These things can propagate in
                 even the most unlikely of circumstances.

Boot clean.  Scan often.  Don't even trust your own dog's disks.

Craig Jones  -- Fully disclaimed and virus-free (I hope).

sci240s@monu6.cc.monash.edu.au (mr w.j. ho) (12/17/90)

hp0p+@andrew.cmu.edu (Hokkun Pang) writes:

Yes! But I can't confirm if they can be activated. Some experiences are with
Jerusalem virus in XTree Gold files.

>pardon my ignorance, but is it possible that computer virus can be implanted
>into non exe/com files? I have been checking all my incoming *.exe and *.com
>files. I wonder if I should have been checking files of other formats too?
-- 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^   Wey Jing Ho   Tel: 61-3-5732567   E-mail : sci240s@monu6.cc.monash.edu.au  ^
^ Physics Dept., Monash University ( Caulfield Campus ), Melbourne, AUSTRALIA  ^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

hp0p+@andrew.cmu.edu (Hokkun Pang) (12/18/90)

I have a question on the Jeruselum (sp?) virus. I heard that it's destructive
only when an illegal copy of a certain program is presented in the system, is
this right? I have cured two computers with this virus in a matter of minutes.
The virus didn't seem to do any damage to the two computers even though the
virus had lived quite a while.

PS, one of the systems belonged to my cousin who got the virus from his high
    school's student disk. When my cousin showed his teacher about the virus,
    the teacher was so confused that he had to ask my cousin what a virus was.
    I guess the virus still lives in the school's computer lab....

silver@xrtll.uucp (Hi Ho Silver) (12/23/90)

In article <1990Dec16.220531.2102@monu6.cc.monash.edu.au> sci240s@monu6.cc.monash.edu.au (mr  w.j. ho) writes:
$hp0p+@andrew.cmu.edu (Hokkun Pang) writes:
$>pardon my ignorance, but is it possible that computer virus can be implanted
$>into non exe/com files? I have been checking all my incoming *.exe and *.com
$>files. I wonder if I should have been checking files of other formats too?

   The way a virus is spread is by running an infected program.  When you do
this, the virus puts itself in memory and starts infecting other programs.
In order for this to happen, the virus itself must be executed, so it can
only spread by infecting executable code (batch files don't count).

   Note that I said executable code, not executables.  If a virus infects
an overlay file or a device driver, it may well get loaded into memory and
executed, so .EXE and .COM files aren't the only ones to check.  So you
ask what other extensions to check?  There isn't a definite list, as there
is no standard for such extensions.  But device drivers are usually .SYS
or .BIN, and overlays are often .OVL or .OVR.  Also, overlays generally
aren't as easy to infect from a programmer's point of view, so most viruses
don't bother with them.

   McAfee's SCAN knows what the most common extensions for infectable
files are.  If you place all incoming files into a directory and run SCAN
on that directory (e.g. SCAN C:\NEW), it will scan the ones it thinks are
most likely to be executable code.
-- 
 __            __  _  | ...!nexus.yorku.edu!xrtll!silver |  always
(__  | | |  | |_  |_) >----------------------------------< searching
 __) | |_ \/  |__ | \ | if you don't like my posts, type |    for
_____________________/  find / -print|xargs cat|compress |   SNTF
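
An added illustration of the point in the post above (not part of the original thread, and not how McAfee's SCAN is implemented): pick files for scanning by the extensions the post names, and also by the DOS "MZ" EXE header, so executable code stored under an unlisted extension is not skipped. The file names and contents are constructed samples, and `triage`, `has_mz_header` and `build_sample` are hypothetical names.

```python
import os
import tempfile

# Extensions named in the post; the post stresses there is no definitive list.
LIKELY_CODE_EXTS = {".EXE", ".COM", ".SYS", ".BIN", ".OVL", ".OVR"}

def has_mz_header(path):
    """True if the file starts with the DOS EXE signature (MZ, or the ZM variant)."""
    with open(path, "rb") as fh:
        return fh.read(2) in (b"MZ", b"ZM")

def triage(root):
    """Return {path: reason} for every file that should be handed to the scanner."""
    selected = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].upper()
            if ext in LIKELY_CODE_EXTS:
                selected[path] = "extension " + ext
            elif has_mz_header(path):
                # Executable code hiding behind an extension nobody listed.
                selected[path] = "MZ header under extension " + (ext or "(none)")
    return selected

def build_sample(root):
    """Write a constructed incoming-files directory (stand-in for C:\\NEW)."""
    exe_stub = b"MZ" + b"\x00" * 30          # header bytes only, not a real program
    samples = {
        "GAME.EXE": exe_stub,
        "TOOL.COM": b"\xe9\x00\x00",          # .COM files carry no signature
        "MOUSE.SYS": b"\xff\xff\xff\xff",
        "XTG.OVL": exe_stub,
        "DATA.001": exe_stub,                 # EXE-format overlay, odd extension
        "README.TXT": b"plain text\r\n",
        "SETUP.BAT": b"@echo off\r\n",        # batch files are not infectable code
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, reason in sorted(triage(tmp).items()):
            print(f"{os.path.basename(path):12} {reason}")
```

Raw-image formats such as .COM, .SYS and .BIN have no signature to test for, so the extension list remains necessary for them; the header check only catches EXE-format code.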

silver@xrtll.uucp (Hi Ho Silver) (12/23/90)

In article <gbPQz7200WB4A1u1sF@andrew.cmu.edu> hp0p+@andrew.cmu.edu (Hokkun Pang) writes:
$I have a question on the Jeruselum (sp?) virus. I heard that it's destructive
$only when an illegal copy of a certain program is presented in the system, is
$this right? I have cured two computers with this virus in a matter of minutes.
$The virus didn't seem to do any damage to the two computers even though the
$virus had lived quite a while.

   I've only run across one Jerusalem infection, though it was on several
computers as it was spread across a network with poor security.  I'm not a
virus expert, so I don't know if this was the only Jerusalem strain or if
others might be slightly different.  There are many sources for virus
information if you're interested - try looking in comp.virus, for example.

   It infected programs regardless of whether they were infected or not.
Once a program had been infected a large number of times (I think somewhere
in the 10-12 range), it would stop working properly (return to DOS without
running or hang the machine, usually).  I managed to get rid of it without
harm to almost all of the files it had infected; McAfee's CLEAN, however,
reported it was unable to remove it from two files (one was Lotus 1-2-3)
and had to overwrite and delete them.
-- 
 __            __  _  | ...!nexus.yorku.edu!xrtll!silver |  always
(__  | | |  | |_  |_) >----------------------------------< searching
 __) | |_ \/  |__ | \ | if you don't like my posts, type |    for
_____________________/  find / -print|xargs cat|compress |   SNTF