ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
                    ³        VIRUS REPORT         ³
                    ³         dBASE Virus         ³
                    ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ

Synonyms: DBF virus

Place of Origin: New York.

Host Machine: PC compatibles.

Host Files: Remains resident. Infects COM files and overlay files. May
infect EXE files.

Increase in Size of Infected Files: 1864 bytes.

Nature of Damage: Corrupts DBF files. Affects system run-time operation.
Corrupts program or overlay files.

Detected by: Scanv47+, F-Prot, IBM Scan, Pro-Scan.

Removed by: CleanUp, Scan/D, or F-Prot.

     Discovered by Ross Greenburg of New York, this is a memory resident
.COM/.OVL virus, which attempts to infect the dBASE program. When an
infected application is executed, the virus installs in memory, looking
for an open operation on .DBF files. Any writes to this file have two
bytes transposed at random. The virus keeps track of which files and
bytes have been altered using a file called BUG.DAT in the same directory
as the .DBF files. Reads of data are corrected by the resident portion of
the virus, thus data appear correct. However, when BUG.DAT is 90 days
old, the virus overwrites/nulls the root directory and FAT structures. 
If the DBF file can be recovered, it will be recovered with non-obvious
errors.

     After this virus has been detected, if you remove the infected DBase
program and replace it with a clean copy, your DBF files that were opened
during the period that you were infected will be useless since they are
garbled on the disk even though they would be displayed as expected by
the infected Dbase program. To avoid file damage, keep multiple backups,
and keep hard copy of your transactions. Running a program such as
Deskview will permit you to look in your dBASE directory for BUG.DAT
during dBASE operations.


ÉÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ»
º  This document was adapted from the book "Computer Viruses",       º
º  which is copyright and distributed by the National Computer       º
º  Security Association. It contains information compiled from       º
º  many sources. To the best of our knowledge, all information       º
º  presented here is accurate.                                       º
º                                                                    º
º  Please send any updates or corrections to the NCSA, Suite 309,    º
º  4401-A Connecticut Ave NW, Washington, DC 20008. Or call our BBS  º
º  and upload the information: (202) 364-1304. Or call us voice at   º
º  (202) 364-8252. This version was produced May 22, 1990.           º
º                                                                    º
º  The NCSA is a non-profit organization dedicated to improving      º
º  computer security. Membership in the association is just $45 per  º
º  year. Copies of the book "Computer Viruses", which provides       º
º  detailed information on over 145 viruses, can be obtained from    º
º  the NCSA. Member price: $44; non-member price: $55.               º
º                                                                    º
º            The document is copyright (c) 1990 NCSA.                º
º                                                                    º
º  This document may be distributed in any format, providing         º
º  this message is not removed or altered.                           º
ÈÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍͼ

Downloaded From P-80 International Information Systems 304-744-2253