Path: utzoo!mnetor!uunet!seismo!sundc!pitstop!sun!decwrl!decvax!ucbvax!hplabs!hpcea!hplb29a!conway
From: conway@hplb29a.HPL.HP.COM (Daniel F. Conway)
Newsgroups: comp.sys.ibm.pc
Subject: Re: FLUSHOT3.ARC protect against Trojans program
Message-ID: <1050002@hplb29a.HPL.HP.COM>
Date: 24 Feb 88 21:37:48 GMT
References: <8221@eddie.MIT.EDU>
Organization: hplabs bld 29 Palo Alto
Lines: 53

> / hplb29a:comp.sys.ibm.pc / w8sdz@eddie.MIT.EDU (Keith Petersen) / 4:44 pm Feb 21, 1988 /

The following is a perfect example of why I only use bulletin board
programs that I have *source* for. Could someone (preferably the author)
please post the source for FLUSHOT?

Dan Conway
Hewlett-Packard
Palo Alto CA
hplabs!dan_conway

[Some text deleted for brevity]
>
>
> Below is a uuencoded copy of FLUSHOT3.ARC. This is an update to
> FLUSHOT2, announced previously, a program to protect your COMMAND.COM,
> FAT, boot sector, NOVRAM, etc., against Trojan horses.
>
>
> FURTHER INFORMATION ON "FLUSHOT" FILES!
>
> The program FLU-SHOT.arc has had "some" copies "BUGGED". Instead of
> protecting you from the so called "COMMAND VIRUS"...they actually
> erase Command interpreters and files!
>
> I was NOT so lucky with the original version I
> received. It had been tampered with and....erased over 15 files and
> Command.com interpreters from my system and the systems of 5 other
> users. Some had to completely re-format!
>
> There "may" be other so-called "cures" that ( in actuality ) are
> Trojan. ALWAYS test these programs before installation and BE SURE
> they are OK!
>
> WARNING: ON tampered versions of FLU-SHOT, most Bomb programs detect
> no problems with the program...I know because I ran three of them
> before installing to my system. After my disaster...I looked at the
> program using various utility files. I can still detect nothing out of
> the ordinary. However, looking at command.com (after the installation)
> you will note "garbage" at the end of your current command.com file.
> If you see this "DO NOT RE-BOOT YOUR SYSTEM! TAKE YOUR ORIGINAL DOS
> BOOT DISK and COPY COMMAND.COM OVER THE OLD VERSION ON YOUR HARD-DISK!
> I did not do this and....... you know the rest.
>
> Good advice. The file FLUSHOT3.ARC on SIMTEL20 came direct from Ross
> Greenberg, the author of FLUSHOT. I downloaded it myself from his BBS.
>
> Keith Petersen
> Arpa: W8SDZ@SIMTEL20.ARPA
> Uucp: {bellcore,decwrl,harvard,lll-crg,ucbvax,uw-beaver}!simtel20.arpa!w8sdz
> GEnie: W8SDZ
> ----------
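
The symptom described in the quoted warning, extra bytes at the end of COMMAND.COM, can be checked by comparing the installed file with the copy on the original DOS disk. The following is an added example, not part of either post; the function names, file paths and sample bytes are constructed for illustration.

```python
import hashlib
from pathlib import Path


def compare_to_reference(installed: bytes, reference: bytes) -> dict:
    """Classify an installed file against a known-good copy (hypothetical helper)."""
    result = {
        "installed_size": len(installed),
        "reference_size": len(reference),
        "installed_sha256": hashlib.sha256(installed).hexdigest(),
        "reference_sha256": hashlib.sha256(reference).hexdigest(),
    }
    if installed == reference:
        result["verdict"] = "identical"
    elif len(installed) > len(reference) and installed.startswith(reference):
        # The case from the warning: original content intact, data added at the end.
        result["verdict"] = "appended"
        result["extra_offset"] = len(reference)
        result["extra_length"] = len(installed) - len(reference)
    elif len(installed) < len(reference) and reference.startswith(installed):
        result["verdict"] = "truncated"
    else:
        # Content differs inside the shared range: report the first differing offset.
        shared = min(len(installed), len(reference))
        first = next((i for i in range(shared) if installed[i] != reference[i]), shared)
        result["verdict"] = "modified"
        result["first_difference"] = first
    return result


def check_files(installed_path: str, reference_path: str) -> dict:
    """Compare two files on disk, e.g. the hard-disk copy and the boot-disk copy."""
    return compare_to_reference(Path(installed_path).read_bytes(),
                                Path(reference_path).read_bytes())


# Constructed sample data standing in for a clean file and a tampered one.
REFERENCE = b"\xe9\x2d\x0d" + bytes(range(64))
TAMPERED = REFERENCE + b"\x00\xff" * 8

if __name__ == "__main__":
    report = compare_to_reference(TAMPERED, REFERENCE)
    print(report["verdict"], report.get("extra_offset"), report.get("extra_length"))
```

The reference copy has to come from media that the suspect program never had write access to, such as a write-protected original disk.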