mcafee@NETCOM.COM (McAfee Associates) (06/28/91)
I have uploaded to SIMTEL20:
pd1:<msdos.trojan-pro>
CLEAN80.ZIP Universal virus disinfector, heals/removes
NETSCN80.ZIP Network compatible - scan for 293 viruses, v80
SCANV80.ZIP VirusScan, scans disk files for 293 viruses
VSHLD80.ZIP Resident virus infection prevention program
WHAT'S NEW
VIRUSCAN
Versions 78 and 79 of VIRUSCAN were skipped because of two
trojan horse versions that appeared. Version 80 of SCAN logically
follows V77.
Version 80 adds several new features to VIRUSCAN:
The first is that SCAN now checks inside of files compressed
with PKWare's PKLITE program for viruses. Files infected before
compression will be reported as being infected internally. Files
infected after compression will be reported as being infected
externally.
When a subdirectory is scanned, SCAN will check subdirectories
below that subdirectory when the /SUB option is used.
The extension .SWP has been added to the list of extensions
scanned by default.
The /REPORT option now displays version number, options used,
date and time, and validation code results.
Also, the capabilty to detect unknown boot sector viruses by
scanning for virus-like code has been added. If a boot sector is
found that contains suspicious code, SCAN will report that the disk
contains a Unrecognized Boot Sector Virus.
51 new viruses have been added. Ones that were reported at
multiple sites are:
The Telephonica virus -- a memory-resident multipartite
virus that infects the boot sectors of floppy disks, the hard disk
partition table, and .COM files. The virus infects .COM files at
about 15 minute intervals, and keeps a counter of the number of
reboots that have occurred. When 400 reboots have occurred, the
virus displays the message "VIRUS ANTITELEFONICA (BARCELONA)" and
formats the hard disk. The virus has been reported at multiple
sites in Barcelona, Spain and in England.
The Loa Duong virus -- a memory-resident floppy disk and hard
disk boot sector infector. It is named after a Laotian funeral
dirge that it plays after every 128 disk accesses.
The Michelangelo -- a floppy disk boot sector and hard disk
partition table infector based on the Stoned virus. On March 6,
Michelangelo's birthdate, it formats the hard disk of infected
PC's.
The Tequila virus -- sent to us from the United Kingdom but
originates in Switzerland. It is a memory-resident multipartite
virus uses stealth techniques and attaches to the boot sector of
floppies, partition table of hard disks, and .EXE files. It
contains messages saying "Welcome to T.TEQUILA's latest
production.", "Loving thoughts to L.I.N.D.A", and "BEER and TEQUILA
forever !"
CLEAN-UP
The Empire, Form, Loa Duong, Michaelangelo, Nomenclature,
Tequila and V-801 viruses have been added to the list of viruses
that can be successfully removed.
VSHIELD
Version 80 of VSHIELD adds a command to ignore program loads
off of specified drives. When the /IGNORE option is activated, the
user can specify from which drives VSHIELD will NOT monitor program
loads. Also, the capabilty to detect unknown boot sector viruses
by scanning for virus-like code has been added. If a diskette boot
sector contains suspicious code and a re-boot request is attempted
from the diskette, VSHIELD will disallow the re-boot and will
report that the disk contains a Unrecognized Boot Sector Virus.
NETSCAN
Version 80 of NETSCAN adds 51 new viruses.
VCOPY
VCOPY Version 80 hasn't been released yet, but should follow
in a couple of days, as usual.
THE NUMBER OF VIRUSES
Version 80 adds 51 computer viruses, bringing the number of
strains to 293, or, counting variants, 714.
Aryeh Goretsky
McAfee Associates Technical Support
mcafee@netcom.com