Am I infected

Bart Bailey

Want to know if there are any exe or com infectors active on your
system?
Virus Trap 1.0 creates a set of two test files (exe & com) with known
crc values then executes them and compares the integrity before and
after to see if anything has attacked them.
The company that produced it (Diamond CS) no longer offers it on their
site for whatever reason, but it's available here:
http://teknoweb.asia-links.com/download/vtrap.exe
Put it in a folder in your program files and create a link to it so you
can find it whenever you suspect something.

Another trick the miscreants use is to hijack your shell open command
for executables and have a seemingly innocent file be in fact an
executable.
There's an application that lists all file types that are registered
with executable extensions on your system, so you can see if there are
any "new" ones besides the usual ones (exe scr com bat pif).
It's called "List exe" and is available here:
http://www.misec.net/products/LExE.zip
Same as above, create folder and link.

Good luck

Bart
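
The second check in the post above (spotting file types newly registered to run as executables), as an added example that is not part of the original thread and is not the "List exe" tool. It assumes you have saved the output of the cmd.exe built-ins `assoc` and `ftype`; the sample text is constructed, and `.dat`/`datfile` is a hypothetical planted entry.

```python
import re

# Extensions the post names as the usual executable ones; extend for your OS.
BASELINE = {".exe", ".scr", ".com", ".bat", ".pif"}

# A handler "runs the file itself" when its command starts with %1 (quoted or not).
SELF_EXEC = re.compile(r'^\s*"?%1"?(\s|$)')

def parse_pairs(text):
    """Parse `key=value` lines as printed by `assoc` or `ftype`."""
    pairs = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key:
            pairs[key.lower()] = value
    return pairs

def executable_extensions(assoc_text, ftype_text):
    """Return {extension: (file_type, command)} for self-executing types."""
    ftypes = parse_pairs(ftype_text)
    found = {}
    for ext, ftype in parse_pairs(assoc_text).items():
        command = ftypes.get(ftype.lower(), "")
        if SELF_EXEC.match(command):
            found[ext] = (ftype, command)
    return found

def unexpected_extensions(assoc_text, ftype_text, baseline=BASELINE):
    """Extensions that execute directly but are not in the baseline."""
    found = executable_extensions(assoc_text, ftype_text)
    return sorted(ext for ext in found if ext not in baseline)

# Constructed sample output (not from a real system); ".dat" is the planted entry.
SAMPLE_ASSOC = """\
.dat=datfile
.exe=exefile
.scr=scrfile
.txt=txtfile
"""
SAMPLE_FTYPE = """\
datfile="%1" %*
exefile="%1" %*
scrfile="%1" /S
txtfile=%SystemRoot%\\system32\\NOTEPAD.EXE %1
"""

if __name__ == "__main__":
    print("review:", unexpected_extensions(SAMPLE_ASSOC, SAMPLE_FTYPE))
```

To run it on a real machine, capture the inputs with `assoc > assoc.txt` and `ftype > ftype.txt` and pass the file contents to `unexpected_extensions`.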
 
Zvi Netiv

Bart Bailey said:
> Want to know if there are any exe or com infectors active on your
> system?
> Virus Trap 1.0 creates a set of two test files (exe & com) with known
> crc values then executes them and compares the integrity before and
> after to see if anything has attacked them.

The concept is well known and was implemented in many AV products, Iris' and
Eliashim's eSafe, to mention two. One of the weak points of the above
implementation is the use of a static file and name, which makes it easy to avoid
by viruses. Many viruses now have a list of files to avoid.

> The company that produced it (Diamond CS) no longer offers it on their
> site for whatever reason, but it's available here:
> http://teknoweb.asia-links.com/download/vtrap.exe

The program isn't self contained. It requires the presence of a DLL
(MSVBVM60.DLL) not found on all systems.

Regards, Zvi
 
Zvi Netiv

Frederic Bonroy said:
> Bart said:
> > Want to know if there are any exe or com infectors active on your
> > system?
> > Virus Trap 1.0 creates a set of two test files (exe & com) with known
> > crc values then executes them and compares the integrity before and
> > after to see if anything has attacked them.
> > The company that produced it (Diamond CS) no longer offers it on their
> > site for whatever reason [...]
>
> The reason could be that it's not particularly useful against stealth
> viruses,

Full stealth viruses, as we knew them for 16 bit DOS executables (e.g. Frodo),
do not exist for the more complex executable structures, such as NE (which were used
under Windows 16 bit) and PE. It's impossible to conceal all the changes made
to a PE, when infecting it. At the time, CIH was claimed to use "stealth" as it
doesn't affect file size (it resides in the PE header, filling empty space), but
it isn't stealth at all and discloses its presence if you know where to look.

Regards, Zvi
 
Bart Bailey

In Message-ID:<[email protected]> posted on
> > The company that produced it (Diamond CS) no longer offers it on their
> > site for whatever reason [...]
>
> The reason could be that it's not particularly useful against stealth
> viruses, viruses that avoid infecting goat files (I didn't look at these
> particular goat files, I'm just stating that such viruses exist),
> viruses that are not memory-resident and infect files only in the
> current directory or viruses that infect neither DOS .exe nor .com files...

Maybe that's why they no longer offer it,
gives a false sense of sterility?

Bart
 
