Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!mcnc!ecsvax!emigh
From: emigh@ecsvax.UUCP (Ted Emigh)
Newsgroups: comp.sys.ibm.pc
Subject: Detecting some Trojan programs
Message-ID: <2936@ecsvax.UUCP>
Date: Tue, 21-Apr-87 13:46:50 EST
Article-I.D.: ecsvax.2936
Posted: Tue Apr 21 13:46:50 1987
Date-Received: Wed, 22-Apr-87 04:27:57 EST
Reply-To: emigh@ecsvax.UUCP (Ted Emigh)
Distribution: world
Organization: NC State University
Lines: 12

Last Fall I sent to net.sources the source (in Turbo Pascal) of a program that checks for files that have been modified. Basically it computes a CRC for all the files on disk and stores this number. Run a second time, it compares the current CRC with the former CRC. It also gives a list of all files created in the intervening time. I developed it when a commercial program I had was trashing my files *WITHOUT MODIFYING THE TIMEDATE STAMP*. It can be used with Trojan programs that modify files or tuck files in dark corners of the file system.

Anyway, the programs are called FILECRC and COMPARE. I have no idea whether or not they made it to any of the ARPA archives. If there is interest, I can resubmit them (along with the updates since last Fall).
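
The baseline-and-compare check described in the post, as an added example in Python; it is not the FILECRC/COMPARE source, which was written in Turbo Pascal and does not appear here. It assumes zlib's CRC-32 as the checksum, since the post does not say which CRC was used, and the file names and contents in the demo are constructed.

```python
import os
import tempfile
import zlib
from pathlib import Path


def file_crc(path, chunk=65536):
    """CRC-32 of a file's contents, read in chunks."""
    crc = 0
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            crc = zlib.crc32(block, crc)
    return crc


def snapshot(root):
    """Map each file's path (relative to root) to its CRC-32."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_crc(p)
            for p in root.rglob("*") if p.is_file()}


def compare(old, new):
    """Return (modified, created, deleted) relative paths, each sorted."""
    modified = sorted(p for p in old.keys() & new.keys() if old[p] != new[p])
    return modified, sorted(new.keys() - old.keys()), sorted(old.keys() - new.keys())


def demo():
    """Constructed scenario: alter a file, put its timestamp back, add a file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        target = root / "LEDGER.DAT"           # hypothetical file names
        target.write_bytes(b"balance=100\n")
        before = snapshot(root)
        stamp = target.stat()
        target.write_bytes(b"balance=999\n")   # same size, different content
        # Restore the original times so a date-based check sees no change.
        os.utime(target, ns=(stamp.st_atime_ns, stamp.st_mtime_ns))
        (root / "SUB").mkdir()
        (root / "SUB" / "HIDDEN.COM").write_bytes(b"\x00")
        mtime_unchanged = target.stat().st_mtime_ns == stamp.st_mtime_ns
        return compare(before, snapshot(root)), mtime_unchanged


if __name__ == "__main__":
    print(demo())
```

A CRC catches accidental corruption and careless tampering; against an adversary who can choose the modified bytes, substitute a cryptographic hash such as SHA-256 and keep the stored baseline where the monitored system cannot rewrite it.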