|
NCSA Virus Report #107
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
???????????????????????????????
? VIRUS REPORT ?
? Saratoga Virus ?
???????????????????????????????
Synonyms: 642, One in Two
Date of Origin: July, 1989
Place of Origin: Calfornia
Host Machine: PC compatibles.
Host Files: Memory resident. Infects EXE files.
Increase in Size of Infected Files: 642 bytes.
Detected by: Scanv56+, F-Prot, IBM Scan.
Removed by: CleanUp, Scan/D, F-Prot, or delete infected files.
Derived from: Icelandic II?
This virus appears to be derived from the Icelandic-II viruses.
Modifications include:
* When Saratoga copies itself to memory, it modifies the memory block
so that it appears to belong to the operating system, thus preventing
reuse of the block.
* Like Icelandic-II, this virus can infect programs which have been
marked Read-Only, though it does not restore the Read-Only attribute
to the file afterwards.
Similar to the Icelandic-II virus, the Saratoga can infect programs
even if the system has installed an anti-viral TSR which "hooks"
interrupt 21, such as FluShot+.
??????????????????????????????????????????????????????????????????????
? This document was adapted from the book "Computer Viruses", ?
? which is copyright and distributed by the National Computer ?
? Security Association. It contains information compiled from ?
? many sources. To the best of our knowledge, all information ?
? presented here is accurate. ?
? ?
? Please send any updates or corrections to the NCSA, Suite 309, ?
? 4401-A Connecticut Ave NW, Washington, DC 20008. Or call our BBS ?
? and upload the information: (202) 364-1304. Or call us voice at ?
? (202) 364-8252. This version was produced May 22, 1990. ?
? ?
? The NCSA is a non-profit organization dedicated to improving ?
? computer security. Membership in the association is just $45 per ?
? year. Copies of the book "Computer Viruses", which provides ?
? detailed information on over 145 viruses, can be obtained from ?
? the NCSA. Member price: $44; non-member price: $55. ?
? ?
? The document is copyright © 1990 NCSA. ?
? ?
? This document may be distributed in any format, providing ?
? this message is not removed or altered. ?
??????????????????????????????????????????????????????????????????????
|
|