From lehigh.edu!virus-l Thu May 20 03:36:16 1993 remote from vhc Received: by vhc.se (1.65/waf) via UUCP; Thu, 20 May 93 18:01:13 1 for mikael Received: from fidoii.CC.Lehigh.EDU by mail.swip.net (5.65c8-/1.2) id AA03414; Thu, 20 May 1993 13:55:28 +0200 Received: from (localhost) by Fidoii.CC.Lehigh.EDU with SMTP id AA12191 (5.67a/IDA-1.5 for ); Thu, 20 May 1993 07:36:16 -0400 Date: Thu, 20 May 1993 07:36:16 -0400 Message-Id: <9305201037.AA06568@agarne.ims.disa.mil> Comment: Virus Discussion List Originator: virus-l@lehigh.edu Errors-To: virus-l@agarne.ims.disa.mil Reply-To: Sender: virus-l@lehigh.edu Version: 5.5 -- Copyright (c) 1991/92, Anastasios Kotsikonas From: VIRUS-L Moderator To: Multiple recipients of list Subject: VIRUS-L Digest V6 #81 VIRUS-L Digest Thursday, 20 May 1993 Volume 6 : Issue 81 Today's Topics: IDES '93 Conference Proceedings Re: Human factor in infections Re: Should viral tricks be publicized? Scanners getting bigger and slower Re: CyberSoft UNIX scanner (UNIX) Jerusalem can be a PAIN IN THE BUTT (PC) Re:Tremor (PC) TREMOR-infected virus-scanner? (PC) STONED "floating" on network (PC) Re: "DIR" infection, or "Can internal commands infect" (PC) Re: On the merits of VSUM (PC) Re: F-Prot 2.08 and 2.07 with CP/DOS6 VSAFE (PC) Re: Bug With Virstop 2.08a & DOS6 Memmaker? (PC) Re[2]: Copyright of Virus Signatures (PC) Re: A virus that deletes autoexec.bat (PC) Strange smiley faces in Directory (PC) macafee site ? (PC) File listing of risc (PC) VIRUS-L is a moderated, digested mail forum for discussing computer virus issues; comp.virus is a non-digested Usenet counterpart. Discussions are not limited to any one hardware/software platform - diversity is welcomed. Contributions should be relevant, concise, polite, etc. (The complete set of posting guidelines is available by FTP on cert.org or upon request.) Please sign submissions with your real name. Send contributions to VIRUS-L@LEHIGH.EDU. Information on accessing anti-virus, documentation, and back-issue archives is distributed periodically on the list. A FAQ (Frequently Asked Questions) document and all of the back-issues are available by anonymous FTP on cert.org (192.88.209.5). Administrative mail (comments, suggestions, and so forth) should be sent to me at: . Ken van Wyk, krvw@first.org ---------------------------------------------------------------------- Date: Tue, 18 May 93 17:09:57 -0400 From: "George Guillory" Subject: IDES '93 Conference Proceedings I hate to bring this up but has anyone received the proceedings from the 6th International Computer Virus and Security Conference? Can our hosts inform us as to the status of the proceedings and a new proposed delivery date? ------------------------------ Date: Wed, 19 May 93 10:51:43 -0400 From: frisk@complex.is (Fridrik Skulason) Subject: Re: Human factor in infections Inbar_Raz@f210.n9721.z9.virnet.bad.se (Inbar Raz) writes: I wrote: > > they happen occasionally - the worst I have seen was somewhere around > > 20.000 machines infected in a single company. >Would I be mistaken if I assumed that those companies weren't adequately >protected, or was it a new variant? They *thought* they wre fully protected...unfortunately, they had not updated their anti-virus software for two years. - -frisk - -- Fridrik Skulason Frisk Software International phone: +354-1-694749 Author of F-PROT E-mail: frisk@complex.is fax: +354-1-28801 ------------------------------ Date: Wed, 19 May 93 20:58:04 -0400 From: ulogic!hartman@netcom.com (Richard M. Hartman) Subject: Re: Should viral tricks be publicized? RADAI@vms.huji.ac.il (Y. Radai) writes: > Vesselin writes concerning Inbar Raz: >>Fourth, I disagree that his article teaches the virus writers how to >>do something. His article mainly teaches how to try to block the >>attempts of somebody to debug or disassemble your program. This is >>mainly used for copy protection purposes, although of course is used >>both by the virus writers and the authors of anti-virus programs. > >I beg to differ. His article begins: >> Anti Debugging Tricks >> By: >> Inbar Raz > ..... >>Most [anti]debugging tricks, as for today, are used within viruses, in order to >>avoid dis-assembly of the virus, as it will be exampled later in this file. >>Another big part of anti debugging tricks is found with software protection >>programs, what use them in order to make the cracking of the protection >>harder. > >As I read this, his primary interest is in avoiding disassembly of >viruses by AV people; copy protection comes only in second place. But >even if we ignore the implied ranking, the very fact that he is aware >that the tricks he has published can be used to defeat AV techniques >(even if only among other things) says a lot, as far as I'm concerned. I don't know about that. A statement like that could be interpreted to be directed at teaching people interested anti-virus techniques some of the techniques that are currently being used by the virus writers so they could be recognized and defeated. I don't know Inbar Raz, Hex-40 or what else was said in this article. I came into this late, but this excerpt seemed to be the considered to be the strongest evidence against Mr. Raz, and I just don't think that it holds up objectively. Just my .02 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Work away today, think about tomorrow. | Never comes the day, for my love and me. | -Richard Hartman I feel her gently sighing | hartman@uLogic.COM as the evening slips away.... | ------------------------------ Date: Wed, 19 May 93 21:49:43 -0400 From: barnold@watson.ibm.com Subject: Scanners getting bigger and slower Malte Eppert, Malte_Eppert@f6051.n491.z9.virnet.bad.se writes > That technique needs a lot of memory. A hash table for > 2000 > signatures may not be too small in order to fit them in without too > many collisions. So we may have to use EMS/XMS utilizing scanners next > time. Not so. Collisions are only relevant if the scanner spends a lot of time traversing chains of hash table buckets. I estimate that the scanner I maintain (for IBM AntiVirus) can handle upwards of 10K search patterns before speed starts to be a problem, and this is a bulk-mode scanner, i.e. it can scan a buffer at nearly the speed of hard disk I/O on a typical well balanced PC. With some minor planned changes, it could handle 10 times this many search patterns. The main problem is memory for the search patterns themselves; the memory requirement for in-memory search patterns for our scanner is currently over 10 times the size of the table space used for hashing. Bill Arnold barnold@watson.ibm.com (IBM AntiVirus Development) ------------------------------ Date: Tue, 18 May 93 20:00:25 -0400 From: bcoll@qualix.com (Barbara Coll) Subject: Re: CyberSoft UNIX scanner (UNIX) >An obvious question is what/how many Unix viruses does it "scan" for. > >I was under the impression that there were few to none Unix viruses >"in the wild" and thus most of the potential market was for security/ >integrity software rather than known virus scanners. If this is not >the case, tell us about it. Qualix has recently taken the VFind product to market and I have attached the Sunflash that was sent out this morning. To address your point, it is not necessarily the UNIX viruses that VFind scans for but dormant PC, MAC and AMiga viruses that are residing in the UNIX information systems. By eliminating the dormant viruses they are now unable to re enter the non-UNIX world to reinfect the systems the viruses came from. VFind can also scan back up and new product media prior to it being copied into the live environment. Barbara Coll Qualix Group, Inc. Product Line Manager 1-800-245-8649 1900 S. Norfolk St. #224 fax: 1-415-572-1300 Here is the recent SunFlash: VFind Now Available to the Non-government Market "Virus Scanning Software for Heterogeneous Environments" ---------------------------------------------------------------- ------------------------------------ VFind -- Scans for UNIX, MS-DOS, Macintosh and Amiga destructive software on your UNIX system -- Locates know viruses and other problems such as trojan horses, worms, and logic bombs -- can search entire disk drives and across all NFS networks -- has a tape scanning capability that can scan removable media prior to use or shipment -- can be programmed to scan for keywords like "Top Secret" or other confidential phrases Viruses have been observed infecting non-UNIX PCs attached to a heterogeneous network. The viruses came from the UNIX workstations but the UNIX systems were not the original point of entry for the viruses. The viruses were dormant while on the UNIX nodes and became harmful when they migrated to their target system. The UNIX systems acted as unaffected carriers of computer viruses for other platforms. VFind would prevent this situation. In addition to the situation described above there are several other types of harmful software that are native to and targeted against UNIX systems, including: trojan horses, logic bombs, and worms. Worms require an extensive amount of programming and are not considered an immediate threat. Trojan horses appear to be performing desired processing while creating damage. They are spread by unsuspecting users who copy them in order to take advantage of their userfulness. Logic bombs, or time bombs, are simple programs that wait for an event to occur, such as midnight, and then damage the system. VFind would detect these viruses. Specifications -------------- * VFind is available for 20 UNIX systems including: Sun, IBM, SCO, DG, DEC * It is recommended that VFind be executed at night due to the CPU usage * Recommended memory 12 MB * Minimal disk space required Evaluations ----------- 30-day evaluations of VFind are available from Qualix, free of charge. Please call Qualix to order your eval today. More information on VFind is available from the Qualix mail server by sending the following to qfacts@qualix.com BEGIN send vfind.info send index ; if you want more info on the Mail Server contents send comp.virus.faq ; if you want more info on computer viruses in general END Pricing ------- Quantity Pricing Desktop Pricing: 1-9 desktops $395.00 for each desktop 10-20 desktops $340.00 for each desktop Server Pricing: Small (up to 20 clients) 1-5 servers $795 for each server 6-20 servers $595 for each server Large (up to 250 clients)1-5 servers $1595 for each server 6-20 servers $1295 for each server Site Licenses - negotiable at >20 servers Support - Upgrades to the product are frequent in order to keep up to date with all of the viruses plaguing the industry. Support pricing is 20% of sale price/year. Availability ------------ VFind from CyberSoft is now available to the commercial UNIX customer from the Qualix Group. Call us at 1-800-245-UNIX or 1-415-572-0200 or e-mail us at info@qualix.com. ------------------------------ Date: Tue, 18 May 93 23:41:18 -0000 From: Thermo@sound.demon.co.uk (Thermo Nuclear) Subject: Jerusalem can be a PAIN IN THE BUTT (PC) My friend's computer recently had a brush with death; he previously thought he was impenetrable to viruses because he hardly used his computer. Well, he borrowed a disk off someone and contracted the Jerusalem virus. Slowly each of his .exe and other executables became infected- eventually NOTHING would work. He became a believer in virus protection the moment McAfee discovered [Jeru]. Has anyone else had run ins with Jerusalem? ============================================================================= _________________ [_______ ______] \\\\\\/ )\\\\\\\ < 0932-252-323 > / )\\ ORIGIN: SOUND AND VISION BBS, U.K. / )\\ HERMO Wherever there was trouble, it reminded them of me ============================================================================= ------------------------------ Date: Wed, 19 May 93 08:00:06 +0000 From: wolfgang.stiller@rose.com (wolfgang stiller) Subject: Re:Tremor (PC) HRZ090@VM.HRZ.UNI-ESSEN.DE (Dr. Martin Erdelen) asks: HR>is there any new development re: disinfection of the Tremor virus? Are HR>there antiviral programs by now which can handle this beast? Integrity Master's scanner component with reliably detect this polymorphic virus but we don't offer removal beyond automatic (optional) deletion of infected files. I sincerely hope that you're not depending upon "disinfection" or "cleaning" technology to recover from viruses. It's simply not safe to depend upon this technology. While it may be convenient to use such programs, it's vital to also have reliable, current backups. Even the most common file infector of all, the Jerusalem virus, will not be correctly removed from all infected files by any product that we're familiar with. The virus infects some files in such a way that some of the original program can't be correctly reconstructed without saving all or part of the original program prior to the infection. Beyond this, there are a large number of viruses that no program reliably "disinfects", either because the virus overwrites part of the original code or because no one has written disinfection code for this virus yet. Regards, Wolfgang Stiller Research, 2625 Ridgeway St. Tallahassee, FL 32310, U.S.A. - --- SLMR 2.1a RoseMail 2.10 : ------------------------------ Date: Wed, 19 May 93 07:25:56 -0400 From: steffens@VTP147.UNI-MUENSTER.DE (Karsten Steffens) Subject: TREMOR-infected virus-scanner? (PC) Hi there, bad news is circulating in Germany: a private televison station usually spreads shareware among the people by sending it in a datachannel overlaid to their normal TV-program, using a special decoder hardware people can separate the data from the movies and download. They call it CHANNEL VIDEODAT. Now, newspapers claim that during the transmission last friday also the latest version of "a famous american virus scanner", which itself was infected by the TREMOR virus had been transmitted, and lots of computers had been infected. As no newspaper calls the "famous scanner" by its name, my question is: Which scanner is infected by TREMOR? Which scanner can disinfect TREMOR? I would be nice if someone could give a statement. Thanks a lot, and best regards. ************************************************************************ * KARSTEN STEFFENS STEFFENS@VSIKP0.UNI-MUENSTER.DE * * Institut fuer Kernphysik - Universitaet Muenster - Deutschland * ************************************************************************ ------------------------------ Date: Wed, 19 May 93 09:40:49 -0400 From: padgett@tccslr.dnet.mmc.com (A. Padgett Peterson) Subject: STONED "floating" on network (PC) From: Malte_Eppert@f6051.n491.z9.virnet.bad.se (Malte Eppert) >STONED is a MBR-infector and cannot spread via nets(!). While this is true for the virus itself, it is quite possible for a "dropper" in .COM or .EXE form to exist and to spread the STONED or any other MBR infection via a LAN. This is a trojan horse that inserts the virus into the boot sector when it executes. Since it does not go resident a memory scan will detect nothing and unfortunately few scanners detect droppers in files. (F-Prot in "heuristic" mode will detect some). BIOS level detection such as are available from AMI and AWARD are effective at detecting this sort of thing as are resident integrity checkers, particularly those that start at the BIOS level (such as my DISKSECURE 8*). Warmly, Padgett ------------------------------ Date: Wed, 19 May 93 10:07:42 -0400 From: uqitu01@ucl.ac.uk (Mr Ian M Leitch) Subject: Re: "DIR" infection, or "Can internal commands infect" (PC) bontchev@news.informatik.uni-hamburg.de (Vesselin Bontchev) writes: > Amir Netiv (Amir_Netiv@f120.n9721.z9.virnet.bad.se) writes: >> Do you know how common is the question: "Can a write >> protected floppy be infected ?" > Yes, I do. (Why is it not in the FAQ, BTW? Maybe we've thought that > the answer is so well known that there's no need to include this > question... Maybe we should re-consider...) Answers to this and similar questions presently being discussed on this list *are* in the FAQ! For example, D8) Will a write-protect tab stop viruses? E11) Can I contract a virus on my PC by performing a "DIR" of an infected floppy disk? E12) Is there any risk in copying data files from an infected floppy disk to a clean PC's hard disk? Perhaps the most Frequently Asked Question ought to be: "Who does look at the FAQ?" . Ian Leitch ------------------------------ Date: Wed, 19 May 93 10:14:43 -0400 From: frisk@complex.is (Fridrik Skulason) Subject: Re: On the merits of VSUM (PC) Malte_Eppert@f6051.n491.z9.virnet.bad.se (Malte Eppert) writes: > > outrageously silly in other cases....I haven't looked at VSUM > > for a long time.. does it still include the RAM "virus", for example ? >Yes :-) what's so strange about that one? Doesn't it ever exist? There is no such thing as the RAM virus. Somebody gave Patty a sample which was infected with two viruses - Cascade and Jerusalem, I think. This combination works perfectly together, but she did not realize the nature of the sample, and seemed to think this was one new virus. There are some other non-existing viruses in VSUM as well, but they are mostly for "copy protection" purposes.... - -frisk - -- Fridrik Skulason Frisk Software International phone: +354-1-694749 Author of F-PROT E-mail: frisk@complex.is fax: +354-1-28801 ------------------------------ Date: Wed, 19 May 93 10:20:12 -0400 From: frisk@complex.is (Fridrik Skulason) Subject: Re: F-Prot 2.08 and 2.07 with CP/DOS6 VSAFE (PC) S.M.Baines@sheffield.ac.uk writes: >I hope this is of help. I will send a copy of this to Virus-L. If lots >of people are loading up DOS 6 and getting the message, I'd guess you >might be quite busy. Yours is not the only scanner to display a >similar message, Bates Anti Virus does too, though it at random >chooses from Beijing, Swedish Disaster, Telefonica and others. The problem is of course that CPAV/MSAV just leaves virus signatures in memory. Maybe they will fix the problem, but I would not bet on it - Central Point has caused more problems for the anti-virus industry than most virus writers IMHO....as somebody said "with friends like that, who need enemies" :-) - -frisk - -- Fridrik Skulason Frisk Software International phone: +354-1-694749 Author of F-PROT E-mail: frisk@complex.is fax: +354-1-28801 ------------------------------ Date: Wed, 19 May 93 11:21:30 -0400 From: sphughes@sfsuvax1.sfsu.edu (Shaun P. Hughes) Subject: Re: Bug With Virstop 2.08a & DOS6 Memmaker? (PC) RTRAVSKY@corral.uwyo.edu (Rich Travsky 3668 (307) 766-3663/3668) writes: >I have encountered an odd interaction between virstop.exe version >2.08a and dos 6's memmaker. Specifically, having virstop running >(either in conventional or high memory) will hang the pc when using >memmaker. This means then that to run memmaker you have to comment >it out of whichever startup file you have it in. > >At the moment I only have one pc to try this on, so if anyone else >would care to try and duplicate this, I'd be interested in knowing >how it turned out. I finally got around to dos 6.0 yesterday and had absolutely no conflict between virstop 208a and memmaker. I suspect your problem lies elsewhere. good luck, - -- Shaun P. Hughes "Facts are Stupid Things." sphughes@sfsuvax1.sfsu.edu Ronald Reagan Republican National Finger for PGP 2.2 Public Key Convention 1988 ------------------------------ Date: Wed, 19 May 93 12:41:52 -0400 From: "Tom Zmudzinski" Subject: Re[2]: Copyright of Virus Signatures (PC) So spoke Malte_Eppert@f6051.n491.z9.virnet.bad.se (Malte Eppert) in VIRUS-L Digest V6 #79 [in reply to CS193560223@lusta.latrobe.edu.au (ENRIQUEZ,L) in VIRUS-L Digest V6 #72]: > Hi Luke! > >> Obviously, most virus writers dont want to do this. However, if >> sometime did extract a piece of code (signature) from the virus, >> and include it in their virus scanner, and recieved a fanancial >> advantage from this inclusion, and the author came forth to claim >> copyright, would such a case be legal? > >> Please remember I am no lawyer..:) > > Me not, too... but it's ridiculous to grant copyrights to code which is > designed to propagate by itself :-) It may be "ridiculous", but don't bet the farm that some court somewhere won't do it! After all, we let people PATENT things "designed to propagate", such things as plants and animals! And there's new case law being made in lawsuits daily (including a few where biotech companies are trying to patent REAL viruses). Tom Zmudzinski [Unreformed Paronomasiac] ZmudzinT@CC.IMS.DISA.MIL CAUTION! INCORRIGIBLE PUNSTER! PLEASE DON'T INCORRIGE! ------------------------------ Date: Wed, 19 May 93 16:05:56 -0400 From: blake@nevada.edu (Rawlin Blake) Subject: Re: A virus that deletes autoexec.bat (PC) chet@retix.com (Chet Mazur) writes: >From: chet@retix.com (Chet Mazur) >Subject: A virus that deletes autoexec.bat (PC) >Date: 13 May 93 18:30:57 GMT >does this beast sound familiar, this guy is having problems that virus >checkers are not finding it... maybe he has some bad sectors or a >flakey disk... pls. reply by mail as I don't follow this group. Yep, Its called the FFU Virus. (FFU = Fumble-Fingered-User) - --- Rawlin Blake blake@nevada.edu No .sig is a good .sig Vote against victim disarmament--protect the right of citizens to defend themselves from streetscum & evil governments--return to the right of the *people* to keep and bear arms. ------------------------------ Date: Thu, 20 May 93 02:43:30 -0400 From: rrb@deja-vu.aiss.uiuc.edu (Rec.Radio.Broadcasting Moderator) Subject: Strange smiley faces in Directory (PC) A friend of mine has a Vendex 8088 clone with no hard drive and the usual dual 5.25 floppies. She runs an old DOS 2.01 which I believe is called "Headstart". Lately she has been having some weird file corruption. Some files cannot be pulled up with her word processor (Easy Working Writer by Spinmaker) sometimes the next day after she makes the file (the file would open the same night, generally). When she does a dir on the disk containing the file (within the WP program) she gets some bizzare stuff (mind you I have not seen this, it is a verbal description). In the Filename column, some files are OK, but others have what looks like an oblong smiley face, followed by a two-headed up/down arrow, a backward digit 2, another smiley face and a down arrow. The size and date are blank and the time contains a smiley face and a left arrow. Thes files cannot be opened. In the DOS shell, a dir command yields the same thing except that the filename contains a few more nonsense characters and the size column has a 90 degree right arrow (with two arrowheads) and a smiley face followed by the number 721592361. Mind you that this is a 360k drive and there is 200+k left on the disk! Under DOS the same file has a creation date of 8-02-99 and a time of 12:01 PM. Other corrupt files have creation dates of 0-00-80 and time of 0:00 AM, some are blank lines and, as I said, some are normal. Some files have extra columns AFTER the TIME field which contain a slash and what looks like a diamond, or they may have other strange characters. What the hell is this??? It seems to have started soon after she bought the Easy Writer software at an Egghead outlet store for a low price. It is happening more and more and some files are OK one day and corrupted the next, all in a similar (although not exactly the same) manner. A screen print shows pretty much what the screen shows, but is spaced differently. She never uses BBS software, mainly because of the lack of a hard drive. Other possibly related troubles include a modem that won't respond to Procomm+ commands untill it is unplugged and plugged back in. The response code to an attempt to boot Procomm+ is "Critical error 4" and if she hits retry she gets the same error message, if she hits 'ignore' it will boot properly. PLEASE reply in email asap, I don't have much time these days to read news, and articles get expired pretty fast here. My friend depends on her clunker computer for her newspaper reporting job, and we need some ideas. She does not have a virus program. William ____________________________________________________________________________ William Pfeiffer - Moderator | Radio is a sad salvation, | rec.radio.broadcasting - Internet Radio Journal | Radio is cleanin' up the | Article Submission - rrb@airwaves.chi.il.us | nation. "Elvis Costello" | Subscription Desk - journal@airwaves.chi.il.us | 'That's the biz - baby!' | - ----------------------------------------------------------------------------- ------------------------------ Date: Tue, 18 May 93 19:53:10 +0000 From: pruett@CS.ColoState.EDU (J. L. Pruett) Subject: macafee site ? (PC) Howdy out there. I used to get my macafee updates (we're all paid) from the 192.187.128.1 site, but it no longer accepts anonymous logins. Anyone know where I can get 'em? Jenny [Moderator's note: The VIRUS-L/comp.virus archive site listing is posted here monthly (plus or minus a bit). In the meantime, you might try mcafee.com, oak.oakland.edu, risc.ua.edu, phil.utmb.edu, etc.] ------------------------------ Date: Tue, 18 May 93 16:41:07 -0400 From: James Ford Subject: File listing of risc (PC) This is a current listing of IBM antivirus files available via anonymous FTP from risc.ua.edu (130.160.4.7). Please let me know if you see any files that are out of date or missing.....(isn't vcopy82.zip an old file from McAfee? Should it be there?) Thanks. - -- jf - -------------------------------------------------------------------- 0files.9305 fixutil5.zip secur235.zip vdetect.zip 20a10.zip fp-208a.zip sentry02.zip vds210t.zip Valert-l.readme fshld15.zip stealth.zip virlab15.zip Virus-l.faq fsp_184.zip tbav602.zip virpres.zip Virus-l.readme hack1192.zip tbavu602.zip virsimul.zip aavirus.zip hs32.zip tbavx602.zip virstop.zip allmsg.zip htscan20.zip tbsg601a.zip virusck.zip avs_e224.zip i-m141.zip trapdisk.zip virusgrd.zip bbug.zip innoc5.zip unvir902.zip virx26d.zip bootid.zip killmonk.zip uxencode.pas vkill10.zip catchm18.zip langv102.zip v-faq.zip vshell10.zip ccc91.zip m-disk.zip vacbrain.zip vshld104.zip chk.zip msg_9_12.zip vaccine.zip vsig9305.zip chkint.zip mtetests.zip vaccinea.zip vstop54.zip clean104.zip netsc102.zip validat3.zip vsumx304.zip cvc792am.zip nshld104.zip validate.crc vtac48.zip cvc792ma.zip ocln104.zip vc300ega.zip vtec30a.zip cvc792ms.zip onet102.zip vc300lte.zip wcv201.zip cvcindex.zip oscn104.zip vcheck11.zip wp-hdisk.zip dir2clr.zip pkz110eu.exe vchk23b.zip wscan104.zip ds115.zip scanv104.zip vcopy82.zip ztec61b.zip ------------------------------ End of VIRUS-L Digest [Volume 6 Issue 81] *****************************************