Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: kelly@uts.amdahl.com (Kelly Goen)
Newsgroups: comp.virus
Subject: Re: VIRUSCAN tested (PC)
Message-ID: <0013.8907241308.AA00452@ge.sei.cmu.edu>
Date: 24 Jul 89 08:04:25 GMT
Sender: Virus Discussion List <VIRUS-L@IBM1.CC.Lehigh.EDU>
Lines: 111
Approved: krvw@sei.cmu.edu


          Last week someone asked for inputs about the VIRUSCAN program and
          whether or not it had actually identified any viruses. The
          following log is an actual log by VIRUSCAN against viruses I have
          collected for taxonomy purposes. VIRUSCAN correctly identified
          the Virus and strain involved. At present in the log are the
          strains of EXE and com infectors I have gathered and will be
          testing the boot and partition infectors sometime this week. I
          would be interested on anyone elses's inputs that might have
          samples of strains that I have not yet tested.

                                   EXE AND COM INFECTORS:

          Scanning for 27 viruses.
          Scanning boot sectorFECTED\1704.COM
            Found 1701/1704 Virus - Version B
          Scanning D:\VIRUS\INFECTED\SARATOGA.EXE
            Found Saratoga/Icelandic Virus
          Scanning D:\VIRUS\INFECTED\ICELANDI.EXE
            Found Saratoga/Icelandic Virus
          Scanning D:\VIRUS\INFECTED\1168.COM
            Found 1168 Virus
          Scanning D:\VIRUS\INFECTED\1280.COM
            Found 1280 Virus
          Scanning D:\VIRUS\INFECTED\1701.COM
            Found 1701/1704 Virus - Version B
          Scanning D:\VIRUS\INFECTED\1704-B.COM
            Found 1701/1704 Virus - Version B
          Scanning D:\VIRUS\INFECTED\1704-C.COM
            Found 1701/1704 Virus - Version C
          Scanning D:\VIRUS\INFECTED\ATTRIB.EXE
            Found Jerusalem Virus - Version B
          Scanning D:\VIRUS\INFECTED\JRVIR-C.COM
            Found Jerusalem Virus - Version B
          Scanning D:\VIRUS\INFECTED\JRVIRUS.COM
            Found Jerusalem Virus - Version A
           More? ( H = Help )NFECTED\NUMOFF.COM
            Found Jerusalem Virus - Version A
          Scanning D:\VIRUS\INFECTED\DOS62.COM
            Found Vienna (DOS 62) Virus - Version A
          Scanning D:\VIRUS\INFECTED\FUMANCHU.COM
            Found Fu Manchu Virus - Version A
          Scanning D:\VIRUS\INFECTED\SURIV01.COM
            Found April First Virus - Version C
   !      Scanning D:\VIRUS\INFECTED\SURIV02.EXE
            Found Jerusalem Virus - Version D
          Scanning D:\VIRUS\INFECTED\SURIV03.COM
            Found Jerusalem Virus - Version E
          Scanning D:\VIRUS\INFECTED\INFECTED\1280.COM
            Found 1280 Virus
          Scanning D:\VIRUS\INFECTED\I2\1168.COM
            Found 1168 Virus
          Scanning D:\VIRUS\INFECTED\I2\1280.COM
            Found 1280 Virus
          Scanning D:\VIRUS\INFECTED\I2\1701.COM
            Found 1701/1704 Virus - Version B
          Scanning D:\VIRUS\INFECTED\I2\1704-B.COM
            Found 1701/1704 Virus - Version B
          Scanning D:\VIRUS\INFECTED\I2\1704-C.COM
            Found 1701/1704 Virus - Version C
           More? ( H = Help )NFECTED\I2\1704.COM
            Found 1701/1704 Virus - Version B
          Scanning D:\VIRUS\INFECTED\I2\1704FRMT.COM
            Found 1701/1704 Virus - Version C
          Scanning D:\VIRUS\INFECTED\I2\DOS62.COM
            Found Vienna (DOS 62) Virus - Version A
          Scanning D:\VIRUS\INFECTED\I2\FUMANCHU.COM
            Found Fu Manchu Virus - Version A
          Scanning D:\VIRUS\INFECTED\I2\ICELANDI.EXE
            Found Saratoga/Icelandic Virus
          Scanning D:\VIRUS\INFECTED\I2\JRVIR-C.COM
            Found Jerusalem Virus - Version B
          Scanning D:\VIRUS\INFECTED\I2\JRVIRUS.COM
            Found Jerusalem Virus - Version A
          Scanning D:\VIRUS\INFECTED\I2\SARATOGA.EXE
            Found Saratoga/Icelandic Virus
          Scanning D:\VIRUS\INFECTED\I2\SURIV01.COM
            Found April First Virus - Version C
          Scanning D:\VIRUS\INFECTED\I2\SURIV02.EXE
            Found Jerusalem Virus - Version D
          Scanning D:\VIRUS\INFECTED\I2\SURIV03.COM
            Found Jerusalem Virus - Version E
          Scanning D:\VIRUS\INFECTED\I2\TRACEBCK.COM
            Found 3066 (Traceback) Virus
           More? ( H = Help )RUS.LIB\V3.COM
            Found Jerusalem Virus - Version A

          Disk D: contains 81 directories and 1466 files.
           36 files contain viruses.

          This list was edited to eliminate a lot of intermediate output...
          information proprietary to my system... The test system is a NEC
          PROSPEED 386 Laptop at MS-DOS Level 3.3 .with Quarterdecks
          2.25/386 multitasking system. The disk size was a 32 meg
          partition running on a 100mb disk.

          I will be running the series of tests for boot sector infectors
          and partition table infectors later this week and will post those
          results then.
                                        cheers
                                        kelly
          p.s. I think this should settle any doubts

          DISCLAIMER: The views expressed above are not those of AMDAHL
          Corp. who has generously provided e-mail facilities or those of
          ONSITE CONSULTING... they do represent the views of Cybernetic
          Systems Specialists Inc. A CVIA Member... No warranty is
          expressed implied or granted in any fashion what so ever...
          However The VIRUSCAN program was tested against LIVE viral
          programs and it did correctly identify what I have in my archives
          to this date..