Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!wuarchive!cs.utexas.edu!ginosko!usc!sdsu!polyslo!vlsi3b15!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: portal!cup.portal.com!Alan_J_Roberts@SUN.COM
Newsgroups: comp.virus
Subject: DARK AVENGER WARNING (PC)
Message-ID: <0011.8910231421.AA08239@ge.sei.cmu.edu>
Date: 22 Oct 89 01:35:16 GMT
Sender: Virus Discussion List
Lines: 21
Approved: krvw@sei.cmu.edu

A number of disturbing reports about scanning systems infected with the Dark Avenger virus have just been substantiated by Kevin Harrington at U.C. Davis and Morgan Schweers in Glen Cove N.Y. It seems that the virus infects any and every executable file that is opened for read or write. Thus, if a system is scanned by VIRUSCAN or IBM's VIRSCAN, the virus begins an uncontrollable infection of the system, resulting in corruption of virtually everything in the system. This turns what might have been a modest disinfection task into a total nightmare.

VIRUSCAN version 45 has corrected this problem by checking for the active virus in memory before attempting to do a system scan. Dave Chess and Art Gilbert at IBM have been made aware of the problem (according to John McAfee) and a fix for their VIRSCAN program should be forthcoming.

If you are using either of these products please get the fixed version before scanning any system suspected of harboring this virus. If you are unable to do this, then scan only a floppy diskette first. This will risk only the files on your floppy. If you have a "clean" system master, then of course re-boot first to start from a clean system. The problem most infected installations have, however, is finding a guaranteed clean system disk, so proceed cautiously. The safest thing, again, is to use the updated versions of these programs.

Alan Roberts