Path: utzoo!utgpu!news-server.csri.toronto.edu!helios.physics.utoronto.ca!ists!yunexus!xrtll!silver
From: silver@xrtll.uucp (Hi Ho Silver)
Newsgroups: comp.sys.ibm.pc.misc
Subject: Re: Virus Warning!
Message-ID: <1990Dec22.194412.6657@xrtll.uucp>
Date: 22 Dec 90 19:44:12 GMT
References: <0bOTTmi00VovEAX0ct@andrew.cmu.edu> <1990Dec16.220531.2102@monu6.cc.monash.edu.au>
Reply-To: silver@xrtll.UUCP (Hi Ho Silver)
Organization: Not around here, pal!
Lines: 29

In article <1990Dec16.220531.2102@monu6.cc.monash.edu.au> sci240s@monu6.cc.monash.edu.au (mr w.j. ho) writes:
$hp0p+@andrew.cmu.edu (Hokkun Pang) writes:
$>pardon my ignorance, but is it possible that computer virus can be implanted
$>into non exe/com files? I have been checking all my incoming *.exe and *.com
$>files. I wonder if I should have been checking files of other formats too?

The way a virus is spread is by running an infected program. When you do this, the virus puts itself in memory and starts infecting other programs. In order for this to happen, the virus itself must be executed, so it can only spread by infecting executable code (batch files don't count).

Note that I said executable code, not executables. If a virus infects an overlay file or a device driver, it may well get loaded into memory and executed, so .EXE and .COM files aren't the only ones to check.

So you ask what other extensions to check? There isn't a definite list, as there is no standard for such extensions. But device drivers are usually .SYS or .BIN, and overlays are often .OVL or .OVR. Also, overlays generally aren't as easy to infect from a programmer's point of view, so most viruses don't bother with them.

McAfee's SCAN knows what the most common extensions for infectable files are. If you place all incoming files into a directory and run SCAN on that directory (e.g. SCAN C:\NEW), it will scan the ones it thinks are most likely to be executable code.
--
 __ __ _ | ...!nexus.yorku.edu!xrtll!silver | always
(__ | | | | |_ |_) >----------------------------------< searching
__) | |_ \/ |__ | \ | if you don't like my posts, type | for
_____________________/ find / -print|xargs cat|compress | SNTF
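
An added example, not part of the original post and not how SCAN works: a triage pass over an incoming directory that picks files to scan using the extensions named above, plus two content checks (the DOS "MZ" EXE signature and a device-driver header heuristic) so that executable code under another name is not skipped. The function names and sample file contents are constructed for illustration.

```python
import os
import tempfile

# Extensions the post names as commonly holding executable code.
LIKELY_CODE_EXTS = {".exe", ".com", ".sys", ".bin", ".ovl", ".ovr"}

def classify(path):
    """Return why a file should be scanned, or None to skip it."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as f:
        head = f.read(4)
    if head[:2] in (b"MZ", b"ZM"):
        # DOS EXE signature: executable code whatever the file is called.
        return "EXE header" if ext in LIKELY_CODE_EXTS else "EXE header, misleading extension"
    if head == b"\xff\xff\xff\xff":
        # Heuristic: a DOS driver file starts with a next-driver link of FFFF:FFFF.
        return "possible device driver header"
    if ext in LIKELY_CODE_EXTS:
        # .COM files and many overlays carry no signature; go by the name.
        return "extension only"
    return None

def triage(directory):
    """Map each file name worth scanning to the reason it was picked."""
    picked = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        reason = classify(path) if os.path.isfile(path) else None
        if reason:
            picked[name] = reason
    return picked

# Constructed sample contents (not real programs).
SAMPLES = {
    "GAME.EXE": b"MZ\x90\x00" + bytes(28),
    "NOTES.DAT": b"MZ\x90\x00" + bytes(28),  # an EXE renamed to .DAT
    "MOUSE.SYS": b"\xff\xff\xff\xff\x00\x80",
    "TOOL.COM": b"\xeb\x10\x90",
    "README.TXT": b"plain text\r\n",
}

def demo():
    with tempfile.TemporaryDirectory() as d:
        for name, data in SAMPLES.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        return triage(d)

if __name__ == "__main__":
    print(demo())
```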