Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!tut.cis.ohio-state.edu!ucbvax!decwrl!polyslo!vlsi3b15!vax1.cc.lehigh.edu!sei.cmu.edu!krvw From: IA96@PACE.BITNET (IA96000) Newsgroups: comp.virus Subject: axe by sea (PC) Message-ID: <0004.8908021134.AA00783@ge.sei.cmu.edu> Date: 1 Aug 89 20:37:00 GMT Sender: Virus Discussion List Lines: 24 Approved: krvw@sei.cmu.edu we have been testing various ways to help prevent a file from becoming infected and have stunbled on an interesting fact. system enhancement associates (the people who wrote arc) have also released axe, a program compression utility. basically axe reads a .exe or .com file, compresses it as much as possible, tacks a dos loader on the front of the file and then saves the new file. in many instances, the resulting file is from 15% to 50% smaller than the original file and loads and runs just like a regular dos file. what is interesting is when a virus attacks an axe'd file. the virus writes itself into the file as many viruses do. however, when you next attempt to load and run the file, it will not load and locks up the system. this is not because the viruys has taken control! this happens because when an axed file is loaded, it is decompressed and the checksum is compared to the original one generated when the file was axed. I know axe was never designed to be anti-viral, but it sure works well in this regard. since the file is actually in encrypted form on the disk, it screws up the virus!