Virus SATAN BUG
Živjo!
Samo ta virus Satan Bug je prastara zadeva iz prejšnjega tisočletja.
Pa ne mi reči, da si ga staknil….
Spodaj imaš pa opis.
lp
NAME: Satan Bug virus
PLATFORM: MS-DOS/PC-DOS Computers
TYPE: Memory resident, polymorphic, encrypted
DAMAGE: Infects .COM, .EXE, .SYS, and .OVL files. Damages infected
files, makes LANs inaccessible by damaging the LAN drivers.
SYMPTOMS: Files grow at each infection, file dates change, files on LAN
file servers become inaccessible.
DETECTION: DataPhysician Plus 4.0D, Scan V106, Norton AntiVirus 2.1 with
August 1993 virus definitions.
__________________________________________________________________________
Critical Facts about the Satan Bug Virus
CIAC has been alerted that the Satan Bug virus, a new virus previously thought
to be contained, has been located at multiple sites in the “wild.” The Satan
Bug virus is an encrypted, polymorphic virus that infects all .COM, .EXE,
.SYS, and .OVL files on MS-DOS/PC-DOS computers.
Infection Mechanism
When an infected file is run, the virus installs itself in memory, and then
infects COMMAND.COM. Thereafter, whenever an executable file is opened or
executed it is infected with the virus. Infected files grow in size from 2.9K
to 5.4K bytes, and the creation date is increased by 100 years.
Potential Damage
It does not appear that this virus does any intentional damage, but infected
files may be inoperative. In addition, the virus is not easily removed from
infected files, requiring that they be replaced with uninfected copies from
backup disks (See Appendix). The virus damages network drivers, making it
impossible for a machine to connect to a network and use network services.
Detection
Anti-virus scanners dated before August 1993 that use virus signature scanning
will not be able to recognize this virus. Anti-virus scanners that use file
signature scanning should be able to detect that the files have been changed,
but will not be able to name the virus. Most anti-virus scanner vendors are
updating their programs at this time, so scanners dated after August 1993
should be able to detect the virus by name. As of the release of this
bulletin, McAfee’s SCANV 106 and Norton AntiVirus version 2.1 with the August
1993 virus definitions update are known to detect it. The DataPhysician Plus
package (VirHunt, ResScan) version 4.0D is in final testing and will be
available soon.
Warning
If you run an infected anti-virus scanner, nearly every executable file on
your disk will be infected. Virus scanners must open a file to scan it, and if
this virus is in memory, the act of opening the file for scanning will infect
it. Most scanners first check themselves to see if they are infected with a
virus, and display a “Virus Found” or “File Damaged” message when they start
up. If this happens, do not scan your disk with this scanner. Even if the
scanner claims that it can remove the virus from itself, don’t scan your disk
with it. The memory resident portion of the virus will still infect your disk.
To scan a computer infected with a memory resident virus like the Satan Bug
virus, you must boot the computer with a clean (uninfected), locked floppy
that contains a clean version of the virus scanner software. Delete any
infected files the scanner finds, and replace them with fresh copies. See the
Appendix for more information.
Ali je možno, da bi kakšen drug novejši virus povzročil takšen lažni alarm?
Ponoči jim je menda za daljši čas zmanjkalo toka, tudi ups ni pomagal.
Zjutraj se server ni hotel takoj postaviti, po drugem poskusu jim je uspelo, na enem od rač. je Panda odkrila ta virus v memoriji.
Preseneča jih to, da zadnje dni niso uporabljali nobenih starih datotek, niti cd-jev ali disket. Dejavnost je računovodska, nekaj imajo še DOS aplikacij, ostalo že v Windows okolju.
Forum je zaprt za komentiranje.