--------------- FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: DGK00044 Date: 12/15/96 From: RUNE-KRISTIAN VIKEN Time: 08:14pm \/To: ROLAND STINER (Read 2 times) Subj: SWISS 2 > My new version of the Microsoft Antivirus is reporting a Swiss 2 virus > in memory. It is cleaned and when I re-boot, the same thing is > reported. The funny thing is that it is not even in the library of > viruses in Microsoft Antivirus. Can someone shed some light on my > problem? Well. 1. Get a better scanner.. preferably F-Prot or Tbav 2. Delete MSAV.. 3. Scan the computer for other virii's again.. :-) Rune Kristian Viken / Fifth Arcade^RaP'96 / SysOp Arcade's BBS Call: 38 35 12 88, 24Hrs a day. Moderator/Debatt at Krs. BBS -- SPEED 2.00 [NR]: Bill Gates has bought the Vatican! New Name: MS Church! --- FidoMBBS v1.82, KRS#001 * Origin: Kristiansand BBS - +47 380-24292 - 4 nodes (2:211/46) --------------- FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: DGK00045 Date: 12/15/96 From: RUNE-KRISTIAN VIKEN Time: 09:25pm \/To: KURT WISMER (Read 2 times) Subj: Regionalized Viruses >>> the author of the Internet Worm was Robert Morris JNR. >> Well - did that man get any 'penalty' for writing the Inet worm? > i do believe he was penalized in some manner, Well, but is there anyone who KNOWS exactly what happened? :-) Rune Kristian Viken / Fifth Arcade^RaP'96 / SysOp Arcade's BBS Call: 38 35 12 88, 24Hrs a day. Moderator/Debatt at Krs. BBS -- SPEED 2.00 [NR]: E=mc - Einstein --- FidoMBBS v1.82, KRS#001 * Origin: Kristiansand BBS - +47 380-24292 - 4 nodes (2:211/46) --------------- FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: DGK00046 Date: 12/16/96 From: DAVID KIRSCHBAUM Time: 11:11am \/To: MIKE HUDSON (Read 2 times) Subj: f-prot225 On (12 Dec 96) Mike Hudson wrote to Jarek Soczewinski... MH> -=> Quoting Jarek Soczewinski to All <=- MH> MH> JS> IF U find f-prot 225 made in december do not download. It is a MH> JS> trojan virus. damn eh. MH> MH> And what do you base this theory on? Especially since I just downloaded fp-225.zip from ftp.simtel.net (where it was virus scanned), and then scanned it with McAfee's latest _and_ the old fp-224c? Thanks for the misinformation, sport. (Not you, Mike; Jarek.) ... We now return to our regularly scheduled flame-throwing. --- PPoint 1.80 * Origin: Toad Hall (1:3634/2.4) --------------- FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: DGK00047 Date: 12/17/96 From: LUTHER KOLB Time: 02:51am \/To: BILL CLARK (Read 2 times) Subj: TBAV Bargain!!! BC> And the horse you rode in on too... FOAD you dickhead. LuKE --- * Origin: --==[ Secure Antivirus Systems International ]==-- (3:640/886) --------------- FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: DGL00000 Date: 12/15/96 From: BRIAN AYRES Time: 11:28am \/To: VINCENT WONG (Read 3 times) Subj: Re: Virus infect picture' -=> Quoting Vincent Wong to All <=- VW> Is it possible for a virus to spread, infect and distrubute itself VW> via a graphics file format e.g GIF, JPG, TIF etc... Vincent, If the virus spreads by itself through your system, then what you now have would be called a worm. A virus in medical terms acts similar as one in a computer. This must have a host body and can't move around by itself. A worm however will move around your system by itself without you being aware of ... but the results can be similar. Lost of information. VW> Vin VW> vincentw@geocities.com VW> http://www.geocities.com/siliconvalley/Heights/2853/tabbs.htm VW> ... Go straight to the docs. Do not pass GO. Do not collect $200! VW> -!- Fmail - The City BBS VW> ! Origin: The City BBS Sydney Australia -> V.34 (3:711/410) ... All I need is a Wave and a board to surf it on. ___ Blue Wave/QWK v2.12 --- WILDMAIL!/WC v4.12 * Origin: Bluebolt's Pink Triangle BBS (1:291/30.0) --------------- FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: DGL00001 Date: 12/15/96 From: KURT WISMER Time: 08:29am \/To: MALCOLM YOUNG (Read 3 times) Subj: Re: Macs -=> Mocking Malcolm to Kurt <=- (Mock, mOck, moCk, mocK) > this may be true... but an ultimate truth for computer viruses is > that they are programs that have to be run somehow to do anything... > reading them does *nothing* unless the reader program "interprets" > commands in the data that it's reading... MY> I am not sure how it works but on a MAC there is a DeskTop MY> virus that can infect the system when it is inserted MY> without the USER running anything the system probably runs MY> some thing on the disk when it is inserted. this is possible, but something is still getting executed... virus infection doesn't require that the USER execute the virus, only that the virus be executed... ... beware of quantum ducks... Quark! Quark! Quark!... --- Maximus 2.02 * Origin: Virus Watch BBS ,[(416)654-3814] (1:250/503) --------------- FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: DGL00002 Date: 12/15/96 From: KURT WISMER Time: 08:38am \/To: ALEXANDER KOVNERISTY (Read 3 times) Subj: Re: Here again! -=> Mocking Alexander to Kurt <=- (Mock, mOck, moCk, mocK) KW> of course proper implimentation requires, among other things, that KW> integrity data be collected for all files, that it can be stored KW> off-line, and that the checker be run from a clean bootable floppy like KW> any other av program... AK> Just try to do the following: infect your PC with your favourite AK> virus, DO NOT boot the PC from bootable floppy and run ADinf in BIOS AK> disk access mode. I hope you'll be wonder. this may pick up most known viruses but i don't consider it secure (yet)... besides, the memory stealthing operations of qemm prevent me from using the secure mode you're speaking of without a clean boot... ... today's mock has been brought to you by the letters p, u, and # pi... --- Maximus 2.02 * Origin: Virus Watch BBS ,[(416)654-3814] (1:250/503) --------------- FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: DGL00003 Date: 12/15/96 From: KURT WISMER Time: 09:38am \/To: JOHN KISMUL (Read 3 times) Subj: Re: Macs -=> Mocking John to Kurt <=- (Mock, mOck, moCk, mocK) KW> JK> Ever heard about BOOTSECTOR virus? KW> KW> no, you're wrong... bootsector viruses need the computer to boot with KW> the infected bootsector... the booting process *executes* the KW> bootsector... ergo even bootsector viruses require execution to do KW> anything... JK> OK but if you writes DIR A: then the BOOTSECTOR virus will JK> be active. Wouldn't it? no, it would only be stored in a disk buffer... to be active the computer has to run the code, it doesn't run things in disk buffers by default so the virus would NOT be active as the instructions in the virus won't be processed... the disk buffer is essentially a data buffer, when was the last time you saw a computer execute data?... the only way to get an infected bootsector is to leave an infected disk in the drive when you boot the computer or to executed a dropper program or a multipartite infected file... dir a: cannot activate a virus... ... X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* --- Maximus 2.02 * Origin: Virus Watch BBS ,[(416)654-3814] (1:250/503) --------------- FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: DGL00004 Date: 12/15/96 From: KURT WISMER Time: 08:56am \/To: JEFF THOMAS (Read 3 times) Subj: Re: F-Prot FTP Site. -=> Mocking Jeff to Michael <=- (Mock, mOck, moCk, mocK) JT> Sorry for dropping in unexpectedly on you, but observed you were JT> able to get your latest version of F-Prot directly from "the JT> authors FTP site". JT> Can you please pass on what that address is?? fprot is available from complex.is if you really want to go their and tie up the line... it's also available on the symtel archives as frisk uploads the new versions there... if i were you, i'd try for the symtel archives since their better equiped for heavy traffic... save complex.is for people who don't know any better... ... today's mock has been brought to you by the letters p, u, and # pi... --- Maximus 2.02 * Origin: Virus Watch BBS ,[(416)654-3814] (1:250/503) --------------- FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: DGL00005 Date: 12/15/96 From: KURT WISMER Time: 09:00am \/To: RYAN DICKINSON (Read 3 times) Subj: Re: a virus?? -=> Mocking Ryan to All <=- (Mock, mOck, moCk, mocK) RD> ok i think that i have myself a little problem on my hands...when RD> ever i go to press either shift key i get either a "y" or a "{" RD> repeatedly...is this a virus? i had already scanned my system with RD> like 5 different programs, RD> tbav,scan,f-prot,chekmate,msav,pc-cillin....and for some reason it RD> keeps doin this...what else could be the problem if its not a virus? ansi bomb (and i was just telling someone else that these weren't much of a threat anymore) or hardware failure (you make have a short in your keyboard)... ... wash, rinse, repeat... --- Maximus 2.02 * Origin: Virus Watch BBS ,[(416)654-3814] (1:250/503)