From: David Harley <harley@europa.lif.icnet.uk>
Newsgroups: comp.virus
Subject: Virus-related FAQs vs. 1.01 [long]
Lines: 377
X-Date: Mon, 13 May 1996 23:46:04 +0000 (GMT)

		    Virus-related FAQs (vs. 1.01)
		    -----------------------------

			Modified 7th May 1996

Where can you find out what you want to know about viruses when you're in 
a hurry (or a panic!)? This resource lists the contents pages of four FAQs
and some ways to get hold of them, and is now being made available as a
supplement to the alt.comp.virus FAQ.

* The alt.comp.virus FAQ
* The comp.virus/Virus-L FAQ
* The macro-virus FAQ
* The alt.comp.virus mini-FAQ 

I may expand this list to include other security FAQs, but this is a 
low-priority project. Please notify me of any errors by e-mail. 
Suggestions for other FAQs are welcome, but will be acted upon sooner
if someone else actually gathers the information. ;-)

	David Harley <harley@icrf.icnet.uk>
	Support & Security Analyst
	Imperial Cancer Research Fund

-----------------------------------------

1) The alt.comp.virus FAQ [version 1.01f]
   ----------------------

The latest version of the alt.comp.virus FAQ document, maintained by
David Harley, is available as follows:

(i)     It's posted to alt.comp.virus every two weeks or so.

(ii)    ftp://ftp.icnet.uk/icrf-public/acv.FAQ

(iii)   e-mail to:

	harley@icrf.icnet.uk

	Subject: request a.c.v. FAQ
	Message: Optional, but unlikely to be read!

(iv)
	FTP://ftp.gate.net/pub/users/ris1/acvfaq.zip
	http://www.drsolomon.com/
	http://www.innet.net/~ewillems/
	http://www.agora.stm.it/N.Ferri/infos.htm

(v)     America Online: (Virus Information Center: Keyword VIRUS)

It's currently split into 4 sections and contains the following items.
[Though this resource is posted at the same time as the FAQ, it may 
not be 100% up-to-date.]

Part 1
-----

	(1)     I have a virus - what do I do?
	(2)     Minimal glossary
	(3)     What is a virus (Trojan, Worm)? 
	(4)     How do viruses work?
	(5)     How do viruses spread?
	(6)     How can I avoid infection?
	(7)     How does antivirus software work? 

Part 2
-----

	(8)     What's the best anti-virus software 
			(and where do I get it)?
	(9)     Where can I get further information?
	(10)    Does anyone know about 
		* Mac viruses?
		* UNIX viruses?
		* macro viruses?
		* the AOLGold virus?
		* the xyz PC virus?
	(11)    Is it true that...?
	(12)    Favourite myths
		* DOS file attributes protect executable files from
		  infection
		* I'm safe from viruses because I don't use bulletin
		  boards/shareware/Public Domain software
		* FDISK /MBR fixes boot sector viruses
		* Write-protecting suspect floppies stops infection
		* The write-protect tab always stops a disk write
		* I can infect my system by running DIR on an infected
		  disk

Part 3
-----

	(13) What are the legal implications of computer viruses?

Part 4
-----

	(14)    Miscellaneous

	Are there anti-virus packages which check zipped files?
	What's the genb/genp virus?
	Where do I get VCL and an assembler, & what's the password?
	Send me a virus.
	Is it viruses, virii or what?
	Where is alt.comp.virus archived?
	What about firewalls?
	Viruses on CD-ROM.
	Removing viruses.
	Can't viruses sometimes be useful?
	Do I have a virus, and how do I know?
	What should be on a (clean) boot disk?
	How do I know I have a clean boot disk?
	What other tools might I need?
	What are rescue disks?
	Are there CMOS viruses?
	How do I know I'm FTP-ing 'good' software?
	What is 386SPART.PAR?
	Can I get a virus to test my antivirus package with?
	When I do DIR | MORE I see a couple of files with funny names...
	Reasons NOT to use FDISK /MBR
	Why do people write/distribute viruses?
	Where can I get an anti-virus policy?
	Are there virus damage statistics?
	Placeholders

--------------------------------------------------------------------

2) The VIRUS-L/comp.virus FAQ [vs. 2.00]
   --------------------------

You can get the Mk. 2 version of the VIRUS-L FAQ, maintained by Nick
FitzGerald, at

	ftp://ftp.datafellows.com/pub/misc/anti-vir/vlfaq200.zip
	ftp://cs.ucr.edu/pub/virus-l/
	http://www.drsolomon.com/

This document is subject to revision, so the filename may change in due 
course.

Version 2.00 contains the following sections/items.

[Items marked with an asterisk are also in the version 1 document, which 
continues to be posted on a monthly basis to the newsgroup, but the 
numbering doesn't always correspond between the two versions. The Mk. 2
version is generally more detailed than the Mk. 1. However, the Mk. 1 may
sometimes be easier to get hold of in a hurry]

Section A:   Sources of Information and Antivirus Software
	     (Where can I find HELP?!!)

*A1)  What is Virus-L/comp.virus?
*A2)  What is the difference between Virus-L and comp.virus?
*A3)  How do I get onto or off Virus-L/comp.virus?
*A4)  What are the guidelines for Virus-L?
*A5)  How can I get back-issues of Virus-L?
*A6)  What are the known viruses, their names, major symptoms and
      possible cures?
*A7)  Where can I get free or shareware antivirus programs?
*A8)  Where can I get more information on viruses, etc?
A9)   Why is so much of the discussion in Virus-L/comp.virus about PCs
      and DOS?  Is this forum only for the PC world?


Section B:   Definitions
	     (What is ...?)

*B1)  What are computer viruses (and why should I worry about them)?
 B2)  What is a Worm?
*B3)  What is a Trojan Horse?
*B4)  What are the main types of PC viruses?
*B5)  What is a stealth virus?
*B6)  What is a polymorphic virus?
*B7)  What are "fast" and "slow" infectors?
*B8)  What is a sparse infector?
*B9)  What is a companion virus?
*B10) What is an armored virus?
 B11) What is a cavity virus?
 B12) What is a tunnelling virus?
 B13) What is a dropper?
 B14) What is an ANSI bomb?
*B15) Miscellaneous Jargon and Abbreviations


Section C:   Virus Detection
	     (Is my computer infected?  What do I do?)

*C1)  What are the symptoms and indications of a virus infection?
*C2)  What steps should be taken in diagnosing and identifying viruses?
*C3)  What is the best way to remove a virus?
*C4)  What does the <insert name here> virus do?
*C5)  What are "false positives" and "false negatives"?
*C6)  Can an antivirus program itself be infected?
*C7)  Where can I get a virus scanner for my Unix system?
*C8)  Why does my scanner report an infection only sometimes?
*C9)  I think I have detected a new virus; what do I do?
*C10) CHKDSK reports 639K (or less) total memory on my system; am I
      infected?
*C11) I have an infinite loop of sub-directories on my hard drive; am I
      infected?
 C12) Can a PC not running DOS be infected with a common DOS virus?
 C13) My hard-disk's file system has been garbled:  Do I have a virus?


Section D:   Protection Plans
	     (What should I do to prepare against viruses?)

 D1)  What is the best antivirus program?
*D2)  Is it possible to protect a computer system with only software?
*D3)  Is it possible to write-protect the hard disk with software only?
*D4)  What can be done with hardware protection?
*D5)  Does setting a file's attributes to READ ONLY protect it from
      viruses?
*D6)  Do password/access control systems protect my files from viruses?
*D7)  Do the protection systems in DR DOS work against viruses?
*D8)  Does a write-protect tab on a floppy disk stop viruses?
*D9)  Do local area networks (LANs) help to stop viruses or do they
      facilitate their spread?
*D10) What is the proper way to make backups?


Section E:   Facts and Fibs About Computer Viruses
	     (Can a virus...?)

*E1)  Can boot sector viruses infect non-bootable DOS floppy disks?
*E2)  Can a virus hide in a PC's CMOS memory?
*E3)  Can a PC virus hide in Extended or in Expanded RAM in a PC?
*E4)  Can a virus hide in a PC's Upper Memory or its High Memory Area?
*E5)  Can a virus infect data files?
*E6)  Can viruses spread from one type of computer to another?
*E7)  Are mainframe computers susceptible to computer viruses?
*E8)  Some people say that disinfecting files is a bad idea.  Is that
      true?
*E9)  Can I avoid viruses by avoiding shareware, free software or games?
*E10) Can I contract a virus on my PC by performing a "DIR" of an
      infected floppy disk?
*E11) Is there any risk in copying data files from an infected floppy
      disk to a clean PC's hard disk?
*E12) Can a DOS virus survive and spread on an OS/2 system using the
      HPFS file system?
*E13) Under OS/2 2.0+, could a virus infected DOS session infect another
      DOS session?
*E14) Can normal DOS viruses work under MS Windows?
 E15) Can I get a virus from reading e-mail, BBS message forums or
      USENET News?
 E16) Can a virus "hide" in a GIF or JPEG file?


Section F:   Miscellaneous Questions
	     (I have heard...  I was just wondering...)

*F1)  How many viruses are there?
*F2)  How do viruses spread so quickly?
*F3)  What is the correct plural of "virus"?  "Viruses" or "viri" or
      "virii" or "vira" or...
*F4)  When reporting a virus infection (and looking for assistance), what
      information should be included?
*F5)  How often should we upgrade our antivirus tools to minimize
      software and labor costs and maximize our protection?
 F6)  What are "virus simulators" and what use are they?
 F7)  I've heard talk of "good viruses".  Is it really possible to use a
      computer virus for something useful?
 F8)  Wouldn't adding self-checking code to your programs be a good idea?


Section G:   Specific Virus and Antivirus Software Questions...

*G1)  I was infected by the Jerusalem virus and disinfected the infected
      files with my favorite antivirus program.  However, WordPerfect
      and some other programs still refuse to work.  Why?
*G2)  Is my disk infected with the Stoned virus?
*G3)  I was told that the Stoned virus displays the text "Your PC is now
      Stoned" at boot time.  I have been infected by this virus several
      times, but have never seen the message.  Why?
*G4)  I was infected by both Stoned and Michelangelo.  Why has my
      computer become unbootable?  And why, each time I run my favorite
      scanner, does it find one of the viruses and say that it is
      removed, but when I run it again, it says that the virus is still
      there?
*G5)  My scanner finds the Filler and/or Israeli Boot virus in memory,
      but after I boot from a clean floppy it reports no viruses.  Am I
      infected?
 G6)  I was infected with Flip and now a large part of my hard disk
      seems to have disappeared.  What has happened?
 G7)  What does the GenB and/or the GenP virus do?
 G8)  How do I "boot from a clean floppy"?
 G9)  My PC diagnostic utility lists "Cascade" amongst the hardware
      interrupts (IRQs).  Does this mean I have the Cascade virus?
 G10) Occasionally the text "welcome datacomp" appears in my Mac
      documents without me typing it.  Is this a virus?
 G11) How good are the antivirus tools included with MS-DOS 6?
 G12) When I do a "DIR | MORE", I see two files with random names that
      are not there when I just use "DIR".  On my friend's system they
      cannot be seen.  Do I have a virus?
 G13) What is the ChipAway virus?  (Or ChipAwayVirus?)

--------------------------------------------------------------------

(6)     Macro-virus FAQ [version 2.0]
	---------------

Richard Martin maintains an FAQ on macro viruses. It is frequently 
posted to alt.comp.virus, and also available from:

	ftp.gate.net/pub/users/ris1/word.faq
	http://learn.senecac.on.ca/~jeashe/hsdemonz.htm

	E-mail to Bd326@TorFree.Net
		Subject: "PLEASE SEND FAQ"
	*OR*    
		Subject: "ADD TO MAIL LIST"
	*OR*
		Subject: "REMOVE FROM FAQ MAIL LIST"

	VIRUS WATCH BBS         (416)654-3814
	

The Word macro FAQ contains the following.

TOPICS/QUESTIONS:

       Preface: INTRODUCTION
       =====================

       1)  WHAT IS A MACRO?  WHAT IS A WORD MACRO?
	       1.1>    WHAT IS A VIRUS?
	       1.2>    WHAT IS A MS WORD MACRO VIRUS?
       2)  HOW DOES INFECTION OCCUR?
       3)  KNOWN FEATURES AND LIMITATIONS OF THE WINWORD FAMILY OF VIRUSES
       4)  VIRUS EXAMPLES
	       - 4.1 - CONCEPT
	       - 4.2 - NUCLEAR
	       - 4.3 - COLORS
	       - 4.4 - DMV
	       - 4.5 - HOT * NEW *
	       - 4.6 - MS WORD 2/MS WORD 6.x MACRO TROJAN WEIDEROFFEN * NEW *
	       - 4.7 - AMI PRO 3.0 MACRO VIRUS GREEN STRIPE  * NEW *
	       - 4.8 - WORDMACRO ATOM / ATOMIC * NEW *
	       - 4.9 - FORMATC MACRO TROJAN * NEW *
       5)  STRATEGY FOR CLEANING AND PREVENTING WORD MACRO INFECTIONS
       6)  SUGGESTED SOFTWARE:
	       -PRODUCTS THAT CAN DETECT/CLEAN WINWORD VIRUSES INFECTIONS
		IN DOCUMENTS
       7)  CREDITS & THANKS
       8)  DISTRIBUTION INFORMATION
       9)  WHERE CAN I OBTAIN UPDATED COPIES OF THIS FAQ?
       10) QUESTIONS THAT STILL NEED TO BE ANSWERED...
       11) DISCLAIMER

--------------------------------------------------

alt.comp.virus mini-FAQ [vs 1.01c at time of posting]

This is maintained by George Wenzel, and contains some of the information
we'd most like people to see *before* they post frequently-asked questions.
It is posted very frequently to alt.comp.virus, and contains

* advice on what info to include when asking for help, what to do and
  what not to do.
* pointers to information on newsgroup etiquette
* Basic answers to common questions:
	- Good Times virus hoax
	- PKZip 3.00 trojan
	- Psychic Neon Buddha Jesus 'virus'
	- where to get evaluation copies/shareware, contact info, &
	  comparative reviews
	- why there are no known viruses which damage hardware
	- testing your antivirus software with the EICAR test file
	- where to get FAQs
	- where to get info on specific viruses.


--
David Harley <harley@icrf.icnet.uk>
Support & Security Analyst
Imperial Cancer Research Fund