Path: utzoo!attcan!uunet!samsung!uakari.primate.wisc.edu!sdd.hp.com!wuarchive!mit-eddie!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: Bill.Viggers@comp.vuw.ac.nz (Bill Viggers)
Newsgroups: comp.virus
Subject: Scan v67 and killer.com (PC)
Message-ID: <0013.9010151404.AA09336@ubu.cert.sei.cmu.edu>
Date: 14 Oct 90 03:09:35 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 26
Approved: krvw@sei.cmu.edu


	There seems to be a little problem with the latest version of
	Scan and its related products.  Killer is (I think) locally written,
	and is designed to remove the STONED virus.

	When I ran Scan v67 it picked up killer.com as being infected with
	the invader virus.  Thinking that I actually might have the virus
	I used clean to fix it up.  This unfortunatly seems to have
	destroyed killer.com.  Checking further, I discovered the invader
	virus on the version of killer.com given to me by my dealer.

	Having successfuly used killer.com before, and the 'virus' not
	having spread, I was a little surprised, and used scan v67 to
	check out killer.com that was on a pc at VUW.  That too it appears
	had this virus.

	The documentation for Scan v67 said that the invader virus is a new
	virus, and that was why the release of this version of Scan was
	delayed.  Putting 2 and 2 together, I assume that this means that
	killer.com has some code in it that Scan uses to identify the
	invader virus.

	If anyone who could either confirm or refute this, I would
	appreatiate it.

Bill Viggers (Under graduate).