Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: viki@crash.cts.com (Victoria Harkey) Newsgroups: comp.virus Subject: Re: Do any viruses affect Novell? (PC) Message-ID: <0005.9104181717.AA10026@ubu.cert.sei.cmu.edu> Date: 17 Apr 91 21:06:34 GMT Sender: Virus Discussion List Lines: 38 Approved: krvw@sei.cmu.edu It jumped around, infected and reinfected files; and it beeped at you as if it was saying , "Here's Johnny!" Another system I cleaned up had the Jerusalem-B virus; about 75 exe, com and ovl were infected on the network. They had to be deleted (cleaned and written over with a binary pattern); and then reinstalled. The Platinum package this banking system was running had a large number of files that had to be removed, and then platinum had to be reinstalled; files replaced and one module replaced. All floppy disks were inspected, and the virus was found on the 2 suspected disks. One more incident of an "Unknown virus" -- a trojan horse that activated on 4/1; it played music and that was appropriate when symphony was executed. It sounded benign -- but in the procedures to trap and erradicate it, it went into the panic mode and wiped out total access to the hard drive. Fortunately, the company had pulled this machine off line as soon as it was acting abnormally. When de-virusing a network, all workstations have to be devirused as well as all floppy disks -- something brought it in... This is a good recommendationffor diskless workstations that keep anyone from taking your valuable data off site,to the malicious or unintentional introduction of a virus on the network. There are viruses that infect data files as well as the executables and overlays. I have a favorite virus fighter than remains resident in the workstations attached to the server (or they are not allowed to attach); and the net is secure. Please be aware that the above viruses paid no heed to NetWare's SRO; they might have been secure had they been flagged EXE ONLY -- but I'm not willing to test this on a production unit. Viki Victoria Harkey Certified NetWare Engineer