Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!pacific.mps.ohio-state.edu!linac!att!pacbell.com!iggy.GW.Vitalink.COM!widener!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: padgett%tccslr.dnet@mmc.com (A. Padgett Peterson)
Newsgroups: comp.virus
Subject: F-PROT and FluShot problems (PC)
Message-ID: <0001.9105081310.AA02449@ubu.cert.sei.cmu.edu>
Date: 7 May 91 13:35:29 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 18
Approved: krvw@sei.cmu.edu

>From:    umbc3!umbc3.umbc.edu!cs106132@uunet.UU.NET (cs106132)

>I was testing the new release of F-PROT 1.15a the other day, and came
>across an interesting problem.  It happened when a variant of 4096 was
>active.  Since F-PROT did not know this strain, it could not detect
>it.  This is expected as the documentation hints.
> However, when I ran F-OSCHK, the virus infected the system files
>(IBMBIO....), the result was a non-bootable hard disk.
>   I repeated the same test using FluShot+ (1.81), the same thing
>happened in a slightly different manner.  But the system again became
>impossible to boot from the hard disk.

Simple integrity checking (e.g. intelligent use of CHKDSK-type values)
would have revealed that something unusual was going on, particularly
with the varieties of 4096 that I have seen since a memory mis-match
occurs. You get what you pay for.
                                      Warmly,
                                               Padgett