--------------- FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: E2D00003 Date: 02/07/97 From: GENE PARIS Time: 01:49pm \/To: ALL (Read 3 times) Subj: Defense Front * Original Area: VIRUS_NFO * Original From: Jesus Slut Fucker (1:147/69) * Original To : All (1:147/69) After a lengthy court battle The Virus Writer's & Hacker's Defense Fund is back in "business". VWHDF makes donations to help defend hackers who have legal difficulties. Any one who is interested in becoming a member or knows someone who is in need of legal aid can write (snail mail) VWHDF at: The Virus Writer's & Hacker's Defense Front P.O. Box 19349 Oklahoma City, Ok 73144-0349 E-mail addresses: jesus.christ@webcitement.com colostomybagboy@thor.net -Geno --- Maximus 3.01 * Origin: rADiO_fREe_okC NuKe wHQ 405.634.9963! (1:147/69) --------------- FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: E2D00004 Date: 02/07/97 From: STEVEN WALLEY Time: 04:20pm \/To: ALL (Read 3 times) Subj: More Viruses? I was asked to upgrade the hard drives of two PC's for a hospital this week. Before I opened them up I scanned them for viruses using my own floppy disk to 'boot' the computer. Both had the Stealth C Boot virus according to F-Prot. Luckily, this one is easy to remove. I've seen more viruses in the past year than in the previous 5 years combined. --- OLX 2.1 ... Modem: A device used to triple your phone bill. --- * Origin: The Learning Curve - Torrance, CA. (310) 371-0007 (1:102/332) --------------- FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: E2D00005 Date: 02/06/97 From: CURTIS CANNING Time: 10:50am \/To: RICK COLLINS (Read 3 times) Subj: Warning Hi Rick CC> Well my understanding of a virus and a trojan is that, CC> a trojan sits on your computer and waits for a certain CC> time and date and then it activates it self and infects CC> your files, and a virus is when it keeps on infecting CC> files when you activate a program or reboot the computer. CC> "please correct me if I'm wrong" RC> You're wrong. What you describe _could_ be a trojan. The essential RC> aspect of a "virus" is that it replicates. The essential aspect of a RC> Trojan is that it does one thing openly (you know it does that thing) RC> but it does something else that is hidden from you, and that you RC> would _not_ want done if you knew about it. So what about those viruses which activate at a certain time and date eg( Friday The 13th ) and many other famous viruses they are trojans and also they are viruses, and they aren't keeping you busy with a game or something while infecting your hard drive. My understanding of something that keeps you busy on something else while it infects or formats your hard drive is a Bomb of some sort. ( Still is a trojan but the wrong type, not a virus dropper ). CC> Nothing is impossible, and if they do invent something CC> like that, the person who programed it will be very rich, CC> and it will change the virus industry and put the major CC> virus companys out of business. RC> Some things _are_ impossible. You learn that with age. With money, man power and research, I thing that 99% of possibilities are possible. CC> Then people would have to resort to programming bombs, instead CC> of viruses. RC> They don't _have_ to resort to anything. They are undetectible aren't they? Thanks for your help !! ,-_|\ / \ \_,-\_/ Regards - CC - v MailiUg AustTalia WidE 97! CYA.. ... ???????????????????????? - I'm Still thinking of a TagLine !!! ___ Blue Wave/386 v2.30 --- * Origin: Melbourne PC User Group BBS (3:632/309) --------------- FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: E2D00006 Date: 02/06/97 From: CURTIS CANNING Time: 10:51am \/To: TODD COPELAND (Read 3 times) Subj: Warning Hi Todd CC->Well my understanding of a virus and a trojan is that, ->a trojan sits on your computer and waits for a certain ->time and date and then it activates it self and infects ->your files, and a virus is when it keeps on infecting ->files when you activate a program or reboot the computer. CC->"please correct me if I'm wrong" TC> A trojan is a program that appears to do one thing but actually does TC> another. A program called INSTALL.BAT that formats your C drive would TC> be a trojan. Tojans are non replicating. It does not have to "sit on TC> your computer". This would tend to be a virus. What you just described is a "Batch Bomb" not a virus dropper, which I admit it is a trojan, but not a trojan virus that activates at a certain time and infects the hard drive and spreads. I think there are all sort of Trojans, and it just depends on which way you look at it ether it is a batch bomb or a Virus dispenser. TC> A virus infects other programs (intentionally) and those infected TC> programs, in turn, do the same. A bit like the Borg :) Thanks for your help !! ,-_|\ / \ \_,-\_/ Regards - CC - v MailiUg AustTalia WidE 97! CYA.. ... We now return to our regularly scheduled flame-throwing. ___ Blue Wave/386 v2.30 --- * Origin: Melbourne PC User Group BBS (3:632/309) --------------- FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: E2D00007 Date: 02/06/97 From: CURTIS CANNING Time: 10:51am \/To: GORDON FREY (Read 3 times) Subj: Warning Hi Gordon CC> "please correct me if I'm wrong" GF> Your incorrect, a active virus ( as no program can activate it's GF> self and to wait for a time/date or..... the virus must be ACTIVE) GF> can wait for a triger event to excute its payload. The triger can GF> be: the number of times it has repatriated, a date, or ????, it's GF> unlimited what a triger can be! GF> A torgen is like a ansi bomb. A torgen is a program that says its GF> a spreadsheet and when you run it does something to your computer GF> like deltree y c:\ or uses its own code to format or overwrite GF> your harddisk. I have a copy of VIRUS PRODUCTION KIT, which I found a copy a long time ago on some bbs, anyway in that you can make up Viruses that are trojans, so after a certain time and date it activates the virus and then spreads it through you computer. So a trojan can be anything that sites and waits for someone to activate it or by time and date. Thanks for your help !! ,-_|\ / \ \_,-\_/ Regards - CC - v MailiUg AustTalia WidE 97! CYA.. ... Back up my hard disk? I can't find the reverse switch! ___ Blue Wave/386 v2.30 --- * Origin: Melbourne PC User Group BBS (3:632/309) --------------- FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: E2D00008 Date: 02/06/97 From: CURTIS CANNING Time: 08:23am \/To: SHELDON LAMB (Read 3 times) Subj: Warning Hi Sheldon CC>I'm always flicking CC>back and forth between boot Disks and normal boot, because CC>the games are fussy with memory, and I have boot Disks CC>for everything. SL> ...maybe you ought to try multiple memory configurations...use the SL> dos-menu and set up a string to configure for different purposes...one SL> for windows-based,one for dos-based,and one for gaming...3 sets of SL> bootfiles blended into one...simplifies life immensely...just choose SL> your variant at boot-up...any dos manual or dummies-book especially SL> can guide you through it...takes about an hour,including time to run SL> mem managers to get optimum configs in each mode,then you just type up SL> your final file,including all the info from the 3 others...life is easy SL> then. I have made up a menu system for the games, and to flick between different programs, but the only problem is that some games require expanded memory or extended memory and once all of the drivers are loaded up in memory, I still have to reboot the machine to clear the memory for each game, all less there is a dos command to clear the memory without rebooting? In some games I have to disable the cd rom to get more memory. ,-_|\ / \ \_,-\_/ Regards - CC - v MailiUg AustTalia WidE 97! CYA.. ... What do you mean? You actually read this tagline?!? ___ Blue Wave/386 v2.30 --- * Origin: Melbourne PC User Group BBS (3:632/309) --------------- FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: E2D00009 Date: 02/06/97 From: CURTIS CANNING Time: 08:22am \/To: KRZYSZTOF HARWAS (Read 3 times) Subj: Re: Warning Hi Krzysztof KH> In this particular message you wrote : CC> I had : TBdriver CC> TBscanx CC> TBcheak CC> TBmem CC> TBfile CC> TBscan Once All Drives. CC> All of them were activated, I do not take lately to viruses CC> being on my hard drive. KH> Suspicious, I'd say..... There had to be other things you KH> did not notice then or not remember now..... having the KH> configuration you say you had, it is almost impossible to KH> get infected. Why? I think I have found the problem, I may have been using a boot disk at the time, and it did not load up all of the file ubove, so of course it did not pick anything up. Only my bootsector and partition table were protected because I immunized the partition table, oh well, I know what to do next time. KH> AND THE MOST IMPORTANT - LOAD ALL OF THE MODULES FROM THE CONFIG.SYS KH> FILE! AND PUT THEM IN THE FIRST LINES OF THAT FILE. This is the I did not know that it was possible, I have everything loaded up in the Autoexec.bat, I'm still learning how to make up batch files you see :) KH> If the thing have been done that way it is impossible to KH> get infected. Almost. Never say never, right? :-))))))) Yep :) KH> All of these are not true, if a virus have been activated KH> before the modules are loaded. But that is the other pair KH> of shoes, as we say in Poland. It is possible for a virus KH> to hide, but in such case the virus have to be loaded KH> BEFORE the modules of the TBAV are in memory. That's true. Makes sense !! KH> Since I have been using the TBAV constantly (that means two years or KH> so) I haven't get ANY virus yet. Before I got the TBAV installed, KH> I had had viruses few times a month. Yeah, the only viruses I get these day are the ones that slip through the defense because I did something wrong to allow this :) KH> PS KH> Have to look through this message again, but in a case in KH> will not check again (kids are fighting and have to calm KH> them down),. In a case I missed something - I will write KH> alter. Looks ok !!! ,-_|\ / \ \_,-\_/ Regards - CC - v MailiUg AustTalia WidE 97! CYA.. ... |/\/\/\/\/\/\/\/\/\/\/\| = ? ___ Blue Wave/386 v2.30 --- * Origin: Melbourne PC User Group BBS (3:632/309) --------------- FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: E2D00010 Date: 02/06/97 From: CURTIS CANNING Time: 06:07am \/To: ROD FEWSTER (Read 3 times) Subj: Warning Hi Rod > First of all it wasn't a real problem only 6 files got > infected, and I jumped on it it pretty quickly, I'm always > scanning with F-Prot and TBAV. RF> It pays to stay on top of these things ... if you hadn't caught the RF> virus early you might have ended up with 6000 infected files. Yeah, that would be bad !! > Also is it true that big companies make up viruses so they > can sell there products ? eg ( like a Virus company ).. RF> it seems to me that one particular company goes out of its way to bring RF> the whole industry into disrepute and to "prove" that AVers spread RF> viruses. A couple of years ago a major war of words erupted after this What about companies like MicroSoft, I heard that they had a virus on one of there cd which they were selling to people is this true? And also someone told me that you always scan you installation discs eg ( CD's, 1.44 ), because you get disgruntle employees tampering with the discs and putting viruses on them. ,-_|\ / \ \_,-\_/ Regards - CC - v MailiUg AustTalia WidE 97! CYA.. ... Backup not found: (A)bort (R)etry (S)lap nearest innocent bystander. ___ Blue Wave/386 v2.30 --- * Origin: Melbourne PC User Group BBS (3:632/309) --------------- FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: E2D00011 Date: 02/06/97 From: CURTIS CANNING Time: 11:52am \/To: BRIAN PATTERSON (Read 3 times) Subj: Warning Hi Brian > "please correct me if I'm wrong" BP> Trojans normally don't replicate. If the trojan is a virus BP> DROPPER, then the "dropped" virus replicates, the dropper BP> does not. BP> A trojan is malware which appears to be something normally desirable BP> to most users, which really causes damage WHETHER OR NOT IT ALSO BP> PERFORMS THE DESIRABLE FUNCTION! A virus "dropper" file is BP> a trojan. A program called win-doom.exe which is really a BP> compiled batch file to call a low-level format from debug BP> (as an example) is a trojan. All trojans (from "trojan BP> horse", read your Greeks) cause damage. Most cause so much BP> damage that they wipe themselves out too! They AREN'T BP> INTENDED TO REPLICATE! The virus dropper is a type of BP> trojan which drops (activates, and if needed forces into BP> the boot sector/MBR) a virus. The virus replicates, of BP> course. The DROPPER does NOT! This message is well put :) Too put it down too basic language, trojan is anything that sites on your computer that can cause damage, ether it is a virus dropper or a Bomb. Thanks for your help !! ,-_|\ / \ \_,-\_/ Regards - CC - v MailiUg AustTalia WidE 97! CYA.. ___ Blue Wave/386 v2.30 --- * Origin: Melbourne PC User Group BBS (3:632/309) --------------- FIDO MESSAGE AREA==> TOPIC: 171 VIRUS INFO Ref: E2D00012 Date: 02/08/97 From: DAVID DESROSIERS Time: 02:15am \/To: ALEXANDER MARTSIPAKA (Read 3 times) Subj: Re: West Coast Institute -=> Quoting Alexander Martsipaka to Kurt Wismer <=- AM>> Ok. I understand. Then I want to find MAXWELL HARPER. AM>> His fidonet address was 1:103/350 KW> if you know his address then send him netmail... AM> I wrote that his address 'WAS', but not 'IS'. AM> His address is not valid now. AM>> Can somebody help me find the man ? AM>> I would like to cooperate with him. Try http://www.whowhere.com and do a search there. -The Visionary visionary@brazerko.com ... Youth Culture Killed My Dog. --- WtrGate+ 0.93.PRE6 beta sn 116 * Origin: hacker heaven bbs - #include (1:320/2600)