Path: utzoo!mnetor!uunet!lll-winken!lll-lcc!ames!hao!noao!sunspot!mcgraw
From: mcgraw@sunspot.UUCP (Robert McGraw)
Newsgroups: comp.sys.ibm.pc
Subject: FIGHTING THE VIRUS
Message-ID: <571@sunspot.UUCP>
Date: 29 Feb 88 17:43:03 GMT
Reply-To: mcgraw@noao.UUCP (Robert McGraw)
Organization: Natl. Optical Astronomy Observatories, Tucson, AZ USA
Lines: 44

Here is a suggestion in fighting the common virus.

1. make a test directory and keep a copy of COMMAND.COM plus (optional)any
other .exe, .com programs that you know to be free of the virus i.e.
programs from the original disketts.
 
2. write a simple test program and make into a .com and store two
copies in the test directory you created above (obviously under
different names). You know these do not have the virus.
 
3. create a  .BAT file that will:
 
	a.	execute one of your test programs
	b.	run a DIFF on the COMMAND.COM in your root directory
and your test directory, run a DIFF on your two test programs in your
test directory, run a
diff on your other .exe/.com programs that you have in the test directory.
 
4. run the above .BAT file at bootup, shutdown, and/or after you have
downloaded a file from a BBS and executed the program.          

If any differences are indicated your disk might have a cold. I am not
sure if certain .exe/.com programs might get changed when you
run a reconfigure on the software package so you will have to keep
this in mind. 

This system will check if COMMAND.COM gets modified but does not change
size and checks .exe/.com files that get modified when executed. 

I use the DIFF in the MKS package and it is fast. I am sure there are
DIFF programs in the PD if you don't have one.
 
This is a quick but dirty way of checking for the bugs that
have been going around. The good point to this system is that you know
the programs you are checking against are free of the virus since you
copied them from the original diskette. If you really feel insecure you
could make a known difference in your test program to check that you
DIFF program is working correctly. OH WELL..
-- 
-Robert P. McGraw, Jr.	National Solar Observatory SPO
 USPS Mail:		Box 62, Sunspot, NM 88349 USA
 Phone:			(505)434-1390, FTS: 571-0232
 Internet:		rmcgraw@noao.arizona.edu
 SPAN/HEPNET:		DRACO::RMCGRAW		[DRACO=5356]
 UUCP:			{arizona,decvax,hao,ihnp4},noao!sunspot!rmcgraw