If you have access to the WWW, point your browser to
http://www.datafellows.fi/index.html
This web page promotes F-Prot, which is a very good anti-virus shareware
program. Besides having information on F-Prot, it carries a goodly amount
of general information about computer viruses.
>From what I understand, the term Stealth describes a type or family of
computer viruses.
This is a guess, but I bet "Stealth I" or "Stealth II" are descriptions
that a particular anti-virus program (such as McAfee's Scan or F-Prot or
Thunderbyte -- to name 3 of many) uses to identify some as-yet unknown
virus.
But, then again, there very well might be a virus called Stealth I or
Stealth II.
If you have access to usenet, you should check out comp.virus. But be
forewarned: the people who frequent this group tend to get a little
touchy when someone asks (what to them is) a basic question.
Here's what the comp.virus FAQ has to say about stealth viruses:
>What is a stealth virus?
>A STEALTH virus is one which hides the modifications it has made in the
>file or boot record, usually
>by monitoring the system functions used by programs to read files or
>physical blocks from storage
>media, and forging the results of such system functions so that programs
>which try to read these
>areas see the original uninfected form of the file instead of the actual
>infected form. Thus the viral
>modifications go undetected by anti-viral programs. However, in order to
>do this, the virus must be
>resident in memory when the anti-viral program is executed.
>Example: The very first DOS virus, Brain, a boot-sector infector,
>monitors physical disk I/O and
>re-directs any attempt to read a Brain-infected boot sector to the disk
>area where the original boot
>sector is stored. The next viruses to use this technique were the file
>infectors Number of the Beast
>and Frodo (= 4096 = 4K).
>Countermeasures: A "clean" system is needed so that no virus is present
>to distort the results. Thus
>the system should be built from a trusted, clean master copy before any
>virus-checking is attempted;
>this is "The Golden Rule of the Trade." With DOS, (1) boot from original
>DOS diskettes (i.e. DOS
>Startup/Program diskettes from a major vendor that have been
>write-protected since their creation);
>(2) use only tools from original diskettes until virus-checking has
>completed.
Hope this is of some help to you.
Anthony Amabile (aamabile@panix.com)
Online Services Librarian
Skadden Arps
NYC
On Wed, 17 May 1995, Diana Frazier Miller wrote:
> Greetings all,
>
> Does anyone know anything about a virus called Stealth (either
> Stealth I or Stealth II, I think)? What does it do? How long has it
> been around? All the usual questions. I was asked a question about this
> virus and of course know nothing about how to even find out.
>
> Second, thanks for the responses regarding SCALE. Just what I
> needed. Great service, as always.
>
> Diana Frazier Miller
> Law Library of Congress
>
This archive was generated by hypermail 2b29 : 03/09/00 PST