Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: RADAI1@HBUNOS.BITNET (Y. Radai)
Newsgroups: comp.virus
Subject: Israeli boot viruses; New UnVirus (PC)
Message-ID: <0001.8908041206.AA09232@ge.sei.cmu.edu>
Date: 3 Aug 89 14:07:48 GMT
Sender: Virus Discussion List
Lines: 47
Approved: krvw@sei.cmu.edu
Israeli boot-sector viruses
---------------------------
At least two boot-sector viruses were discovered in Israel recently.
One, which hooks interrupt 17h and causes letters sent to the printer
to be replaced by similar sounding ones, was reported by Yair Gany and
by myself in VIRUS-L at the end of June. I referred to it then as the
"Mistake" virus, but I now prefer the name "Typo".
Another virus, mentioned by John McAfee a few days ago, was de-
scribed only as being a boot-sector virus discovered in Israel; he
suggested calling it the "Israeli Boot" virus since he thought that no
such viruses had been reported from Israel previously. But since the
Typo is also a boot-sector virus, John's suggestion is inappropriate.
I have not yet seen the new virus in action, but according to info
sent me by Yuval Tal, it causes letters on the screen to fall. (There
are two other viruses which fit this description: the Cascade/Autumn/
Blackjack virus and the Traceback virus, but they infect files, not
boot sectors.) I suggest we call it the Swap virus, since the words
SWAP VIRUS FAT12 appear in the modified boot sector.
New version of UNVIRUS
----------------------
A few weeks ago I offered to send the virus-eradicating program
UNVIRUS to anyone who wanted it. It has now been updated to eradicate
many more viruses. I have sent a package UNVIR6.ARC to Keith Petersen
for uploading to the SIMTEL20 archive. It consists of the following
three files:
UNVIR6.DOC Instructions for use of the following two programs.
UNVIRUS.EXE Eradicates Israeli (2 strains), Ping-Pong, Brain, Typo,
(Vers. 6) April-1-Com, April-1-Exe.
IMMUNE.EXE Prevents infection by Israeli and April-1 viruses and
(Vers. 5) notifies of presence in RAM of any boot-sector virus.
The authors (Yuval Rakavy and Omri Mann) plan to extend UNVIRUS to
many more viruses in the near$future, but they always give priority to
those which have appeared in Israel. The next virus on the list will
evidently be the Swap virus.
Y. Radai
Hebrew Univ. of Jerusalem
P.S. Please do not send requests for UNVIR6 to me. If it is not
yet on SIMTEL20 it soon will be.