F-PROT Professional Update Bulletins
F-PROT Professional 2.17 Update Bulletin
CONTENTS BRIEFLY
--- Contents 2/95
--- F-PROT Gatekeeper - the first in the world
--- The Global Virus Situation
--- Tai-Pan.666
--- The "POX ON YOU" -Trojan Horse
--- News in Short
--- Form Strikes Again
--- DE.EXE and Mange-Tout
--- F-PROT- Support Informs: Common Questions and Answers
--- Changes in F-PROT Professional version 2.17
--- F-ARC, a New Utility Program
--- Changes in F-PROT Professional for DOS
--- Changes in F-PROT for Windows
--- New Viruses Detected by F-PROT 2.17
F-Secure Ltd, Paivantaite 8, FIN-02210 ESPOO, Finland
Tel. +358-0-478 444, Fax +358-0-478 44 599, E-mail: f-prot@datafellows.fi
This material can be freely quoted in Europe, Africa and Asia when
the source, F-PROT Professional Update Bulletin 2.17 is mentioned.
Copyright (c) 1995 F-Secure Ltd.
Contents 2/95
F-PROT Gatekeeper - the first in the world
The Global Virus Situation
Tai-Pan.666
The "POX ON YOU" -Trojan Horse
News in Short
Form Strikes Again
DE.EXE and Mange-Tout
F-PROT- Support Informs: Common Questions and Answers
Changes in F-PROT Professional version 2.17
F-PROT Gatekeeper - the first in the world
Today virus protection has become an important concern
for companies and organizations, although the use of
anti-virus programs in itself can only be considered a
necessary evil.
F-Secure Ltd. has made the F-PROT Professional anti-
virus software as easy-to-use, user-friendly and
automated as possible. Now F-Secure Ltd. has
developed an even easier way to protect computers against
viruses - a way that is the first of its kind in the
world.
F-PROT Gatekeeper is a Windows background protection
program. It searches for viruses by using F-PROT's Secure
Scan, which means that it is capable of detecting
practically all known viruses - including the elusive
polymorphic viruses, which are normally very difficult to
detect. F-PROT Gatekeeper is part of the F-PROT for
Windows package, and it can be installed to function
either by itself or together with F-PROT for Windows.
F-PROT Gatekeeper provides an excellent way to protect a
company's Windows workstations, for it functions as long
as Windows is running - and extends its protection also
to DOS sessions which are run under Windows.
In F-PROT Gatekeeper's development, we paid special
attention to the needs of the companies whose
workstations are connected to a network. F-PROT
Gatekeeper communicates directly with the network
administrator, reporting all the virus incidents detected
in the network's workstations. F-PROT Gatekeeper is also
easy to install and maintain centrally via the network.
There are several installation options available to the
network administrator. The program doesn't have to be
installed separately to every workstation - it can be
automatically installed to the network's workstations
from the network server. The program's updates can
likewise be distributed via the network in a similar
manner. The new version needs only to be copied to the
server, and the individual workstations will
automatically fetch it from there.
F-PROT Gatekeeper was publicly tested in Internet. The
test was a success - over 1500 companies and private
users downloaded the test version from our ftp server.
The Global Virus Situation
Tai-Pan.666
During 1994, the Tai-Pan virus became rapidly very
common. Since the end of the year, a new variant of this
virus has also managed to spread widely. The size of the
original Tai-Pan was 438 bytes; the new version is 666
bytes long, and it is therefore known as Tai-Pan.666.
Tai-Pan.666 was first found in Belgium, in December 1994.
The functioning of Tai-Pan is quite simple; it goes
resident in the computer's memory and infects nearly all
executed EXE files. The virus does not infect programs
which are larger than 64 kilobytes. Infected files grow
by 666 bytes. Tai-Pan does not actually try to do
anything besides spreading itself, but it may
occasionally crash the computer.
Tai-Pan.666 contains the following text strings:
DOOM2.EXE
Illegal DOOM II signature
Your version of DOOM2.EXE matches the illegal
RAZOR release of DOOM2
Say bye-bye HD
The programmer of DOOM II DEATH is in no
way affiliated with ID software.
ID software is in no way affiliated with
DOOM II DEATH.
Because of these texts, Tai-Pan.666 is also known as
"DOOM II DEATH". Despite all the threats, Tai-Pan.666
does not contain destructive routines or single the DOOM
game out for its attacks.
Ironically, one avenue by which Tai-Pan.666 managed to
spread was "DOOM II Mania #1", a CD-ROM disk featuring
DOOM themes. The disk was published in the beginning of
1995 by Tech Express Software. The company has now drawn
the disk from the market.
F-PROT can detect and remove the Tai-Pan.666 virus.
The "POX ON YOU" -Trojan Horse
During the last few months, many PC users have been
confronted with a mystical "Pox on you" -message which
appears on the computer's display when the machine is
booted. When the matter was examined, the message was
traced to an IDE driver file called CMD640X.SYS. The file
comes with CMD PCI IDE drivers.
The message is not caused by a virus, nor has the
original program file been tampered in any way. Rather,
it seems that the driver's programmer has added a Trojan
Horse routine to CMD640X.SYS as a "joke".
CMD640X.SYS activates randomly. It keeps printing the
following message on the screen for a while, after which
it crashes the computer.
A poX oN yOu!! yoU wiLl bUrN iN tHe fiReS of HeLl!! A poX
oN yOu!! yoU wiLl bUrN iN tHe fiReS of HeLl!! A poX oN
yOu!! yoU wiLl bUrN iN tHe fiReS of HeLl!!
The only way to eliminate this nuisance is to install a
sanitized version of the CMD driver into the computer.
News in Short
Form Strikes Again
Form, the most common virus in the world, is still going
strong. The latest Form incident took place in
Microsoft's developer meeting in London, during which a
Form-infected diskette was distributed to 160 developers.
Luckily, the infection was noticed in time to warn all
the people involved. At the moment it is still a mystery
how the Form diskettes managed to slip past all the usual
virus checks.
DE.EXE and Mange-Tout
In the last Update Bulletin, we mentioned that
preformatted 3.5" HD diskettes which contain a file
called DE.EXE, infected by the Mange-Tout.1099 virus,
have been found in the circulation. After that, diskettes
which contain the same DE.EXE - but without the infection
- have also been found.
F-PROT- Support Informs: Common Questions and Answers
If you have questions about information security or virus
prevention, contact your local F-PROT distributor. You
can also contact F-Secure directly in the number +358-
0-478 444.
Written questions can be mailed to:
F-Secure Ltd
F-PROT Support
Paivantaite 8
FIN-02210 ESPOO
FINLAND
Questions can also be sent by electronic mail to:
Internet: f-prot@datafellows.fi; X.400: S=F-PROT, OU1=DF,
O=elma, P=inet, A=mailnet C=fi.
When I turned on my brand-new computer, the message
"Chipaway virus enabled" flashed past during the boot-up.
No viruses were found when I ran a virus check, however,
and F-PROT's virus description database contains no
mention of a virus called Chipaway.
Chipaway is not a virus, but an anti-virus program.
It is included in the BIOS of some newer computers.
The program's start-up message is, undeniably, a
little bit confusing.
F-PROT detected the PMBS virus in my computer's
memory. I cold-booted my computer from a clean
diskette and ran a virus check. For some reason,
F-PROT identified the virus it found as
Stealth_Boot.C. Why did the viruse's name change all
of a sudden?
When F-PROT detects a virus in the computer's
memory, it does not perform a precise
identification. Therefore, the name given by the
memory check may not match that reported by the
program's full scan. VIRSTOP does not perform a
precise identification, either; however, the new
F-PROT Gatekeeper - the F-PROT Professional for
Windows active protection, does.
We use a Windows for Workgroups network, in which the
network disks become visible to users only after Windows
has been started. What is the easiest way to implement
automatic updating of VIRSTOP or F-PROT Professional for
Windows in this kind of an environment?
Traditional, batch file -based methods for automatic
updating function also in Windows for Workgroups
networks. A more elegant solution, however, is to
take advantage of our F-CMDW utility program. F-CMDW
is a Windows program - with it, computers do not
need to jump from Windows into a DOS session
straight after logging in. F-CMDW functions also
with Lan Manager's newer versions (in which users
can log in from Windows).
F-CMDW can be had for free from F-PROT Support.
Changes in F-PROT Professional version 2.17
F-ARC, a New Utility Program
F-ARC.EXE is a new utility program for scanning packed
files. F-ARC locates archive files, extracts their
contents by using your own unpacking software, and
employs F-PROT to scan them for viruses.
F-ARC's syntax goes as follows:
F-ARC [/ALL] [/LIST] <file|<drive>|<dir> ...
The explanations for the command parameters are:
/ALL Scan all files inside archives.
/LIST List all archive files in the log file.
<file> The archive file to be scanned. Only one file
name can be specified if this parameter is used.
<drive> The drive to be searched for archive files. It
is possible to specify more than one drive.
<dir> The directory to be searched for archive files.
It is possible to specify more than one directory.
Examples of F-ARC's use:
F-ARC /all c: d: Scan all files in all archive files
located in drives c: and d:.
F-ARC c:\foo\bar.zip Scan for viruses inside the
archive BAR.ZIP.
F-ARC's settings are stored in the file F-ARC.INI. The
various settings and their explanations are listed below:
[F-ARC] ;The files header.
scanner=c:\f-prot\f-prot.exe ;The location of F-PROT.
append=0 ;Append to (1) or overwrite (0) the log file.
memscan=1 ;Start by scanning memory with F-PROT: yes (1)
;or no (0).
tmpdir=C:\F-TMP ;The temporary storage location for
;extracted files.
[Packer1] ;Unpacking program number 1.
packer=c:\bin\arj.exe ;The full pathname of the unpacking
;program.
parms=x /y ;Parameters for the unpacking program.
extension=.arj ;The file extension of archive files which
;can be extracted by using this program.
In F-ARC.INI, it is possible to specify up to five (5)
different extraction programs. The log file used by F-ARC
is called F-ARC.LOG.
Changes in F-PROT Professional for DOS
Major changes
The names of several viruses have been changed, and new
names have been assigned to viruses which previously had
only temporary names (names which started with an
underscore). Some of these changes are due to changes in
classification, some were made in order to make the
naming system more regular.A couple of these renamings
deserve a separate mention. "Jerusalem.Vtech" viruses are
now known as "Jerusalem.HK" viruses - these viruses
having nothing whatsoever to do with Vtech computers. For
the same reason, the Prodigy virus has been renamed
Glupak, and Coke has been renamed Coker.
Our definition for "invalid files" has been changed a
bit. Previously, we used the same classification method
as the DEBUG program - if DEBUG displayed "Error in EXE
or HEX file" when attempting to load a file, F-PROT would
give an "Invalid file" report of the same file. However,
some of these "invalid" files will actually run, at least
under some versions of DOS, and this is now taken into
consideration.
The following problems have been found and corrected:
EXE files infected with the Astra.1010 virus were
previously reported to have been infected by a "new or
modified variant of Astra".
Files infected by the Zero_Hunter.415 virus were not
disinfected correctly.
Some Leprosy.591- and Emmie.2620 -infected files were not
identified correctly. Instead, they were reported as "New
or modified variant of ...".
Sometimes, when reporting "companion" viruses, F-PROT
would incorrectly add a message like "truncated (5273
bytes missing)" to its report.
The following false alarms have been fixed:
If Heuristic Analysis was used, F-PROT gave false alarms
of the files CDBENCH.EXE, DGKEY.COM and L2D.EXE.
PS7_IDC.DLL was flagged as a possible variant of Aurea.
Minor improvements and changes
Testing has revealed a problem, involving random memory
errors, on some machines. This problem is not detected by
parity checking. The problem is generally caused either
by too few wait states or a faulty cache memory. This
problem has so far been found only on 486/66- and
Pentium/90 machines.This problem may have unpredictable
effects on various programs, including F-PROT. It may
cause the message "checksum error in SIGN.DEF" to be
displayed, or corrupt search strings randomly, thus
causing false positives or false negatives. F-PROT will
now attempt to recognize this situation, by checksumming
the search strings before and after scanning. If the
checksums are not identical, a warning message will be
displayed.
Changes in F-PROT for Windows
F-PROT Gatekeeper has been added to the Windows version.
Communications manager initialization has been rewritten.
This has the following consequences:
If the communication directory is not valid, F-PROT for
Windows will no longer automatically erase the
communication directory entry. Instead, it will simply
not use the network features. When the network path
becomes valid again, the network features are re-enabled.
F-PROT for Windows will allow communications directories
to be established on Workgroup drives.
F-PROT for Windows will not use the Seedword (Workgroup
Name) in SEED.FP_ any more.
The automatic search for communications directory has
been removed.
Administrator's menu items "Read User Reports" and "Read
User Messages", as well as the "Read Bulletins" button,
will be disabled when the network is unavailable.
Other changes:
F-PROT for Windows contained a bug which prevented task
saving in the administration mode if users were not
allowed to modify tasks. This has been fixed.
Memory scan has been slightly changed (an additional
selector limit check is performed).
A check is performed when reports are read: F-PROT for
Windows used to crash if the report file was corrupted in
such a way that the number of reports was too big.
Quick Scan has been removed; all tasks are now executed
by using Secure Scan. The Quick Scan option has been
removed from the "Task Settings" dialog. Note that
SCAN_Q.DLL is still needed, for it is used for fetching
virus names into old reports made with Quick Scan.
FPWINSC.DLL is not used any more, however.
The "All" and "New Only" buttons in the "Read Bulletins"
dialog work properly now.
Reports which had been read with the program's previous
versions were not marked as "Read" in the "Read User
Reports" dialog. This has been corrected.
The Disinfect/Rename/Delete confirmation dialog will now
stay on screen for 15 minutes before closing
automatically, instead of the 20 seconds it was open
before.
The opening of the "Task Settings" dialog has been
optimized. The dialog used to be especially slow to open
in systems with many network drives; that was due to the
fact that the volume labels of all drives were read
separately every time the dialog was opened. Now, the
volume labels are read only when the "Task Settings"
dialog is opened for the first time; after that, the
volume labels are stored in memory, from which they are
retrieved the next time the dialog is opened. This
behavior can be overridden by setting "nolabelcache" on
the F-PROTW environment variable.
The "Read User Messages" function has been vastly
optimized: it is up to ten times faster than before.
The "Read User Reports" function has been vastly
optimized: it is up to ten times faster than before.
The startup of F-PROT for Windows has been optimized:
launch takes up less time now.
Credits screen will be shown in the "About" dialog when
F1 is pressed.
CFG/INI read- and write operations have been rewritten.
This should greatly benefit the OS/2 version. The new
routines are now used in most cases for reading and
writing F-PROTW.CFG, FPWNET.CFG and the task files.
The checkbox "[X] Notify at Startup if Invalid" has been
added to the Network preferences. If it is not checked,
neither F-PROT for Windows nor F-Agent will display an
error message at startup if the communications directory
is inaccessible. The checkbox is not checked by default.
When F-PROT for Windows is receiving bulletins, the
mouse's pointer turns into an hourglass.
F-PROT for Windows used to display an error message box
if a remote CD-ROM drive was not ready when network scans
were performed; this had the tendency to interrupt
scheduled network scans. This error message has been
removed. Now, the program will only write the message
"ERROR READING DRIVE d:" to the report, and the scan can
continue uninterrupted.
New Viruses Detected by F-PROT 2.17
The following 77 viruses are now identified, but can not
be removed as they overwrite or corrupt infected files.
Some of them were detected by earlier versions of F-PROT,
but not identified accurately.
_1792
Anarchy
Assassin.952
Assassin.959
Belorussia
Burger.441.C
Burger.560.AW
Burger.560.AX
Burger.560.AY
Burger.560.AZ
Burger.560.BA
Burma.442.C
Burma.442.D
Consumed
Demand.666.B
Demand.789.B
DS
HLLO.4240
HLLO.8608
HLLO.Hepatitus
HLLO.Joker.B
HLLO.Number_1.E
HLLO.Tyst
HLLO.Virms
IVP.200
IVP.365
IVP.374
IVP.478
Leprosy.573
Leprosy.666.I
Leprosy.666.L
Leprosy.666.N
Leprosy.1306
Leprosy.47857
Leprosy.Lubec
Leprosy.Skism.808.E
Lseek
Material
Milan.WWT.125.D
Mr_Twister
Necropolis.D
Ooops
Over1644
Radish.8444
Radish.8466
SillyOR.131
Simple_Minded.123
Simple_Minded.207
Sum
TheDraw
Trivial.27.B
Trivial.30.I
Trivial.32.C
Trivial.33.B
Trivial.42.H
Trivial.45.F
Trivial.46.B
Trivial.75
Trivial.82
Trivial.92
Trivial.99
Trivial.157
Trivial.346
Trivial.579
Trivial.Tom
VCL.288
VCL.302
VCL.457
VCL.1297
VCL.Fire
VCL.Mindless.423.D
VCL.Mindless.423.E
VCL.Mindless.423.F
VCL.Mindless.423.G
VCL.Monet.267
VCL.Monet.466 and
VCL.Viral_Messiah.705
Zero-to-O.C
The following 372 new viruses can now be removed. Many of
them were detected by earlier versions, but are now
identified accurately.
_376
_490
_535
_1054
_1125
_3120
Alex_II
Alex&Solo
Andreew
AntiCad.4096.K
Anticheck
AntiPascal_II.400.B
ARCV.Ice-9.639.B
Arjworm
Armagedon.1079.F
Austr_Parasite.543
Ash.280.B
Baba.350
Better_World.F
Blue_Nine.A
Blue_Nine.B
BootExe.203
BootExe.204
Breaking.B
BW.371
Cascade.1701.AC
Cascade.1701.AE
Cascade.1701.AF
Cascade.1704.AA
Cascade.1704.AB
Catscratch
Cavaco
Chaos.1181.L
Charm
Cholera.A
Cholera.B
CLME.1952
Clonewar.923.D
Cpxk.B
CSF
Danish_Tiny.263
Dark_Avenger.1800.N
Dark_Avenger.1800.O
Dark_Avenger.2000.Satan
Deathboy.640
Dead.1374
Deaf.1119
Dei.1948
Demand
Dennis.689
Diamond.1024.C
Digress
Drunk
DSU.1414
DSU.1422
Eader
Ear.Ear.1024.C
Ear.Ear.1026
Easy
Emmie.2702
Este
Exp.1617
Exp.1619
F-soft.633
F-soft.656
Faerie.286.A
Faerie.286.B
Faillure
Father_Mac.269
Father_Christmas
Fewster
Firewalk
Five_days
Flip.2153.F
Flip.2153.I
Form.F
Galya
Gambler
Gidra.502
Ginger.2624
Gippo.Stunning.B
Glitch.449
Good_Doctor
Gotcha.828
Gotcha.1778
Grazie.859
Grazie.1361.C
Grog.216
Grog.926
Grunt.344
Gysium
H_Andromeda.725
Helloween.1160
Hellspawn.1071
Hermanos.2015
HLL.3779
HLL.4075
HLL.4568
HLL.4984
HLL.8304
HLL.Birthday.5824
HLL.Birthday.7808
HLL.Linda
HLL.RSW
HLL.Rust
HLLC.8736
HLLC.14880
HLLC.1769.B
HLLC.Enrico
HLLC.Unvisible.A
HLLC.Unvisible.B
HS.903
Icelandic.1600
Intruder.1336
Intruder.1353
Inv-evil.769
Int78.B
IT.462
IVP.705
IVP.803
IVP.927
IVP.Bad_Friday
IVP.Silo
IVP.Thursday
J&M.B
Jaat
Jerusalem.1808.Blank.D
Jerusalem.1808.Zeros
Jerusalem.2000
Jerusalem.2465
Jerusalem.2472
Jerusalem.AntiCad.2900.ABT.B
Jerusalem.Fu_Manchu.C
Jerusalem.Maroccan
Jerusalem.PSQR.D
Jerusalem.Sunday.O
John
Jtemp
Kaos.C
Keyboard-bug.1568
Keypress.935
Keypress.995
Keypress.1232.O
Keypress.1232.P
Keypress.1266
Kela.1171
Kela.1735
Kela.1904
Kela.2520
Kela.2530
Keybug.1268
Khiznjak.692.B
Khiznjak.719
Khiznjak.731
Khiznjak.749
Khiznjak.765
Khiznjak.823
Khiznjak.846
Khiznjak.1269
Kid.434
Kiwi.512
Klubb
Krad
Kyokushinkai.2048.A
Kyokushinkai.3072
Leath
Lehigh.B
Lemming.2151
Lesson_I.300
Letter_H
Little.B
Loki.1228
Lubek
Lyceum.944
Lyceum.1800
Magda
MegaS
Metal.400
Micro.B
Mirea.925
Mirea.950
Mirea.1953
Mirea.1962
MMIR.279
MMIR.421.B
Mooc
Mr_Gu.545
Multiflu.791
Multiplex.815
Murphy.Pest.B
Murphy.Tormentor.1072.C
My_Child.B
Natas.4774
New_Year
Ng.706
Ng.914
Ng.1036
Night_knight
Ninety_two
Nr
Ohm
Orchid.351
Overdoze.470
Overdoze.472
P&C
Patoruzu
Peep
PDV
Pixel.850.B
Polonaise
Powertrip
Press.B
Prodigy
Proto-T.599.B
Proto-T.602
Proto-T.654
PS-MPC.310
PS-MPC.311.B
PS-MPC.388
PS-MPC.430
PS-MPC.441
PS-MPC.487
PS-MPC.480
PS-MPC.504
PS-MPC.510
PS-MPC.517
PS-MPC.564.C
PS-MPC.564.D
PS-MPC.565.I
PS-MPC.574.F
PS-MPC.578.N
PS-MPC.578.O
PS-MPC.578.P
PS-MPC.578.Q
PS-MPC.598.D
PS-MPC.598.E
PS-MPC.598.F
PS-MPC.606.G
PS-MPC.1295
PS-MPC.DemoExe.32947
PS-MPC.Dork
PS-MPC.G2.Puppet
PS-MPC.G2.Stargate
PS-MPC.HD
PS-MPC.Mema.1187
PS-MPC.Mema.1201
PS-MPC.Mema.1203
PS-MPC.Mema.1217
PS-MPC.Mercenary
PS-MPC.Payrise.874
PS-MPC.Shrimp
PS-MPC.Snort
PS-MPC.Weak
Pure.440
Quarry
Rajaat.287
Rajaat.443
Rajaat.679
Rajaat.700
Realize
Red_October
Reedcat
Republic
Rescue
Retix
Rodolf
Sandy.1107
Satyricon.355
Sauron_II
Scratch.374
Shirley.C
Shizol
SillyC.96
SillyC.128
SillyC.144
SillyC.169.B
SillyC.179
SillyC.190
SillyC.215.B
SillyC.264
SillyC.302
SillyC.331
SillyC.343
SillyC.498
SillyC.563
SillyC.626
SillyCR.76
SillyCR.80
SillyCR.125
SillyCR.130
SillyCR.131
SillyCR.200
SillyCR.239
SillyCR.240
SillyCR.261
SillyCR.264
SillyCR.330
SillyCR.357
SillyCR.563
SillyCER.307
SillyER.323
Simplex.504
Simplex.507
Sink
Siskin.763
Sistor.2605
Slava
Small_comp.89
Sofia_Term.899
Soldier
Sql
SRP.2264
Stinkfoot.1283.A
Stinkfoot.1283.B
Sylvia.1332.F
Syslock.Syslock.F
Tai-Pan.434
Tamsui.19033
Tokyo.1068
Traceback.2930.B
Trakia.653
Trash
Trash_soft
Try
Tver.532
Twisted.239
Twisted.461
Union
Ussr-414
UTA
Uucckk
Uvjan
V-160.164
VBasic.G
VCL.208
VCL.279
VCL.315
VCL.316
VCL.342
VCL.Anston.B
VCL.Bev.516.B
VCL.Catholic
VCL.Code_Zero.652.B
VCL.Genesis.738
VCL.Grail
VCL.Heevahava.520
VCL.Lobo
VCL.Pleasure
VCM
Vcode
Vienna.486
Vienna.620
Vienna.648.AF
Vienna.BNB.K
Vienna.BNB.L
Vienna.Violator.5305
Viv
Vor.1536.A
Vor.1536.B
Vor.1536.C
Vor.1584
Wally.981
Wart
WMA
Write
XAM_II
Yankee-Doodle.TP.44.E
YB.402
Zero_Hunter.415.B
Zero_Hunter.415.C
Zero_Hunter.415.D
Zielona
The following 171 new viruses are now detected and
identified but can not yet be removed.
_1685
2-up
4On
AC
Annihilator.272
Annihilator.304
Annihilator.357
Annihilator.379
Annihilator.390
Annihilator.412
Annihilator.711
Anston.1782
Antipode
Attitude.827
Australian_Parasite.Split.1033
Australian_Parasite.Split.1035
Backform.A
Backform.B
Badcommand
Ball
Beer.3192.B
Bettle
Blackhack
BoxBox
Bug
BW.474
Cannibal
CHCC.1428
CLI&HLT
Congrats.918
CorpLife
Cybertech.552
D-K
Daemaen.2041
Dalian
DBF.990
DBF.1115
Deathboy.893
Deathboy.912
Deathboy.931
Deathboy.937
Dementia
DIR-II.1024.E
DIR-II.1024.J
DIR-II.2048
DIS
Dodger
Drug
E-Morph
Emmie.2604
Emmie.2823
Emmie.3097
Eternity.410
Eternity.411
Eternity.562
Eternity.599
Exterminator
Father_Mac.289
Father_Mac.303
Father_Mac.789
Father_Mac.836
Father_Mac.1360
Father_Mac.1455
Father_Mac.1470
Father_Mac.1495
Father_Mac.1496
FF_char
Fraud.600
Fraud.666
Girls
Ha!.1224
Halka
Hello.615
Hello.640
Hello.720
Hellspawn.Gif.681
Hermanos.27773
HLL.3677.B
HLL.4942
HLL.5000
HLL.LouLou
Hnyslov
Honey.1029
I_am
Ieronim_III
Inquis
IVP.510
IVP.665
IVP.766
IVP.811
IVP.827
IVP.874
IVP.886
IVP.939
IVP.974
IVP.2316
Kela.823
Keyboard_bug.2262
Keypress.1000
Khai
Khiznjak.515
Khiznjak.565
Khiznjak.1011
Konkoor.1933
KSV
Leech.1025
Leech.1026
Legozz
Loren.1374
Megabug
Mirror_II
Miss_D
Monte_Carlo.1483
Monte_Carlo.1541
Mut-int.694
No_of_the_Beast.Z
Nocopy.3685
NRLG.666
NRLG.755
NRLG.813
NRLG.824
NRLG.853
NRLG.865
NRLG.901
NRLG.964
NRLG.985
NRLG.1001
NRLG.1007
NRLG.1009
Orchid.311
Ostap
Otti
PCBB.1679
PCBB.3072.A
PCBB.3072.B
PD
Pfeifer
Phyton
Pinky.1124
Poison
Pollution.822
Predator.1072.B
Prime.1164
PS-MPC.DK.693
Psychosis.1195
Pyramid
Renegade
Rest
RMNS.736.B
Robal
Ryazan.B
Sabados
Scramble.1203
Scramble.1253
Scramble.1256
Screaming_Fist.512
Sentinel.4636.B
Shatin
Skater.673
Tina
TS.1200
TS.1235
TS.1418
Tver.776
VCL.511
VCL.2037
VCL.Genocide.952
VCL.Genocide.981
Verb
Vic.793
Vinchuca
Vinnitsa.1620
Vinnitsa.1658
Vodka
VVF.1868
Wasp.623
Wasp.903
Wormsign
Zherkov.2269
Zipper
The following 16 new viruses are now detected, but not
identified. F-PROT will just report the family name with
a (?), as it is not yet able to determine which variant
it is dealing with. Disinfection of these viruses is not
yes possible.
DSME.Apex
DSME.Connie.B
DSME.Demo
DSME.Teacher
Minosse
Mombasa
Mutagen.0_90.Agent
Mutagen.0_95.Agent
Mutagen.1_00.Agent
Mutagen.1_00.Secret
Mutagen.1_10.Agent.A
Mutagen.1_10.Agent.B
Mutagen.1_10.Hitek
S-bug.Fruitfly
Scacchi.Bishop
Scacchi.Rook
The following 1 viruses which were identified by earlier
versions can now be removed.
Singapore
Over 120 viruses have been renamed.
F-PROT Professional 2.17 Update Bulletin
F-Secure Ltd, Paivantaite 8, FIN-02210 ESPOO, Finland
Tel. +358-0-478 444, Fax +358-0-478 44 599, E-mail: f-prot@datafellows.fi
This material can be freely quoted in Europe, Africa and Asia when
the source, F-PROT Professional Update Bulletin 2.17 is mentioned.
Copyright (c) 1995 F-Secure Ltd.
F-PROT Professional Support < f-prot@datafellows.fi >
.
.
|
|
