Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: frisk@rhi.hi.is (Fridrik Skulason) Newsgroups: comp.virus Subject: Re: Virus questions (PC) Message-ID: <0007.a9102111625.AA03009@ubu.cert.sei.cmu.edu> Date: 10 Feb 91 13:27:35 GMT Sender: Virus Discussion List Lines: 64 Approved: krvw@sei.cmu.edu Roggie Boone wrote: >I have 4 questions regarding computer viruses. >1) I have seen the SCAN software (MaAffee) scan a computer's memory for > viruses and noticed that it only scanned the base 640K of RAM. Do > viruses typically not infect or use extended/expanded memory? There are no viruses which use or infect extended/expanded memory. A virus could theoretically place a part of itself there, but it would also have to change something in tke lowest 640K, in order to load and execute this code. There is one virus, however, which locates itself between 640K and 1Meg. > Are there virus scanning packages that will scan the additional memory? No - there is no need to do so (yet). > I raise this question, because it seems I read somewhere that some > computers with certain memory management drivers may not erase the > contents of extended memory on a warm boot, and hence may not erase any > virus that may be sitting in extended memory. (My memory isn't too good > on this topic). So what? The virus code would be "dead", as it could never be activated. Just having it in memory will not do any harm whatsoever, as it is not active. >2) Are there anti-virus packages (for PC or any computer) that use > artificial intelligence techniques to protect the system, or is such > an effort overkill? Several packages claim to use AI methods - none do. The closest thing to AI in anti-virus products are the sets of rules some packages use to search for previously unknown viruses. >3) Not meaning to plant ideas, but I was talking with a facutly member > in the dept. where I work, and the question arose as to whether a virus > could be transmitted to an orbiting satellite and cause the same havoc > that viruses cause us PC users. Is this possible? A Trojan, yes - it could be sent to the satellite, just as any other software "update". A virus ? Well, why bother making the program replicate inside the satellite, when a simple Trojan will do the job ? >4) I have also noticed that SCAN, for instance, scans basically the .EXE, > .COM, .SYS, .OVL files in a directory. Do viruses not infect .TXT or > .DOC files or maybe C (Pascal, Basic) source code? Known viruses may either: infect EXE and/or COM files. (unconfirmed reports of SYS-infecting viruses) The one or two BAT viruses are not a serious threat. or Infect any file which is loaded/executed by INT 21/4B. That is, programs and overlays. The latter group typically includes COM/EXE/APP/OVL/OVR/OV1/BIN and a few other extensions. A file which cannot be executed/ loaded as overlay cannot be infected. A virus could infect source or object code, but no such viruses exist. DOC and TXT files cannot be infected.