Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!jarthur!elroy.jpl.nasa.gov!swrinde!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: ozonebbs!aryehg@apple.com (Aryeh Goretsky) Newsgroups: comp.virus Subject: Details of Scan 74-B (PC) Message-ID: <0013.9102221354.AA15356@ubu.cert.sei.cmu.edu> Date: 21 Feb 91 19:32:18 GMT Sender: Virus Discussion List Lines: 81 Approved: krvw@sei.cmu.edu VERSION 74-B Version 74-B fixes a bug which caused the programs misidentify the Swedish Disaster virus on Syquest 10Mb tape drives and machines formatted with some versions of Zenith-OEM MS-DOS. The machines in question were said to have the "Stoned/Swedish Virus" present in the boot sector of infected hard disks and disk packs. VIRUSCAN Version 74 Version 74 of VIRUSCAN adds 51 new viruses and over one hundred new strains of existing viruses, bringing the total number of known computer viruses to 475. In addition, version 74 improves the throughput of the scanning algorithm and handling of nonstandard hard drives, and now provides the option of displaying all messages in French. The 1575/1591 virus was sent to us from multiple sites in Quebec, Canada, Oslo, Norway, and the United States. It is a memory-resident file infector that attaches to .COM and .EXE files when a disk is accessed via internal DOS commands. The 903 virus was sent to us by Djennad Nasser from France. It is a .COM file infector. The Holocaust virus was sent to us by David Llamas of Barcelona, Spain. It is a .COM file infector that uses "stealth" type techniques. The BeBe, Kuka, Kuka/Turbo, Lozinsky, MGTU, Nina, Off Stealth, Polish-532, Sverdlov, Tiny-133, USSR-series, and Voronezh viruses were discovered in the Soviet Union and Eastern Europe and sent to us from numerous sources there and in Western Europe. They are not believed to exist in the West. The Christmas Violator, F-Word, Parity, Beeper, Best Wish, Leapfrog Destructor, Happy New Year Hymm, Justice, Label, V961, Swiss-143, Sentinel, Plague, Monxla-B, Little Pieces, IKC528, Hybrid, Dir-Vir, Stone90, Saddam, and Iraqui Warrior viruses were sent to us from various sources around the globe. For summary information about these viruses, please refer to the enclosed VIRLIST.TXT file. For a detailed description of all known viruses, please refer to the Virus Summary Document (VSUM), copyrighted by Patricia Hoffman and available and most bulletin boards. A trojan version of VIRUSCAN, Version 73, appeared on BBSes in Miami, Florida USA. In order to prevent confusion, we have used the next version number, Version 74. CLEAN-UP Verison 74 Version 74 of CLEAN-UP adds removal of the 1575/1591 and the Music Bug viruses, as well as several new variants of the Jerusalem virus. For more information about these viruses, please refer to the enclosed VIRLIST.TXT file. VSHIELD Version 74 Two new commands have been added to VSHIELD: The /CONTACT option allows a custom message to be displayed if a virus is found. The /CERTIFY option provides control over file execution. It will prevent any program from being executed if it has not been validated as an authorized program for a given site. FOREIGN LANGUAGE SUPPORT Both VIRUSCAN and CLEAN-UP can now display messages in French. When the /FR option is specified, all messages will be displayed in French instead of English. VIRLIST.TXT ENTRY FOR 1575/1591 VIRUS Version 74 went out without an entry in the VIRLIST.TXT file for the 1575/1591 virus. The correct entry should be: 1575/1591 [15xx] Clean-Up . . x x x x . . . . vary O,P,L Sorry 'bout that, folks. Aryeh Goretsky +----------------------------------------------------------------+ | Aryeh Goretsky, Tech Support vox (408) 988-3832 | | McAfee Associates fax (408) 970-9727 | | 4423 Cheeney Street bbs (408) 988-4004 | | Santa Clara, California 95054-0253 // | | Internet: aryehg@ozonebbs.uucp // | | UUCP: apple!netcom!nusjecs!ozonebbs!aryehg \X/ | | "Opinions expressed are my own and do not neccessarily reflect | | those of my employer."--universal disclaimer applied herein. | | "How is a cat like a meatloaf?"--John R. De Palma, M.D. | +----------------------------------------------------------------+ Brought to you by Super Global Mega Corp .com