F-PROT Professional 2.17 Update Bulletin
========================================
Data Fellows Ltd, Paivantaite 8, FIN-02210 ESPOO, Finland
Tel. +358-0-478 444, Fax +358-0-478 44 599, E-mail: f-prot@datafellows.fi

This material can be freely quoted in Europe, Africa and Asia when
the source, F-PROT Professional Update Bulletin 2.17 is mentioned.
Copyright (c) 1995 Data Fellows Ltd.
------------------------------------------------------------------------------

Contents 2/95
=============

F-PROT Gatekeeper - the first in the world
The Global Virus Situation
        Tai-Pan.666
        The "POX ON YOU" -Trojan Horse
News in Short
        Form Strikes Again
        DE.EXE and Mange-Tout
F-PROT- Support Informs: Common Questions and Answers
Changes in F-PROT Professional version 2.17 


F-PROT Gatekeeper - the first in the world
------------------------------------------

Today virus protection has become an important concern 
for companies and organizations, although the use of 
anti-virus programs in itself can only be considered a 
necessary evil.

Data Fellows Ltd. has made the F-PROT Professional anti-
virus software as easy-to-use, user-friendly and 
automated as possible. Now Data Fellows Ltd. has 
developed an even easier way to protect computers against 
viruses - a way that is the first of its kind in the 
world.

F-PROT Gatekeeper is a Windows background protection 
program. It searches for viruses by using F-PROT's Secure
Scan, which means that it is capable of detecting 
practically all known viruses - including the elusive 
polymorphic viruses, which are normally very difficult to 
detect. F-PROT Gatekeeper is part of the F-PROT for 
Windows package, and it can be installed to function 
either by itself or together with F-PROT for Windows.

F-PROT Gatekeeper provides an excellent way to protect a 
company's Windows workstations, for it functions as long
as Windows is running - and extends its protection also 
to DOS sessions which are run under Windows.

In F-PROT Gatekeeper's development, we paid special
attention to the needs of the companies whose 
workstations are connected to a network. F-PROT 
Gatekeeper communicates directly with the network 
administrator, reporting all the virus incidents detected 
in the network's workstations. F-PROT Gatekeeper is also
easy to install and maintain centrally via the network. 
There are several installation options available to the 
network administrator. The program doesn't have to be
installed separately to every workstation - it can be 
automatically installed to the network's workstations
from the network server. The program's updates can
likewise be distributed via the network in a similar 
manner. The new version needs only to be copied to the 
server, and the individual workstations will 
automatically fetch it from there.

F-PROT Gatekeeper was publicly tested in Internet. The 
test was a success - over 1500 companies and private 
users downloaded the test version from our ftp server. 


The Global Virus Situation
--------------------------

Tai-Pan.666
-----------
During 1994, the Tai-Pan virus became rapidly very 
common. Since the end of the year, a new variant of this 
virus has also managed to spread widely. The size of the 
original Tai-Pan was 438 bytes; the new version is 666 
bytes long, and it is therefore known as Tai-Pan.666. 
Tai-Pan.666 was first found in Belgium, in December 1994.

The functioning of Tai-Pan is quite simple; it goes 
resident in the computer's memory and infects nearly all
executed EXE files. The virus does not infect programs 
which are larger than 64 kilobytes. Infected files grow 
by 666 bytes. Tai-Pan does not actually try to do 
anything besides spreading itself, but it may 
occasionally crash the computer.

Tai-Pan.666 contains the following text strings:

        DOOM2.EXE

        Illegal DOOM II signature

        Your version of DOOM2.EXE matches the illegal
        RAZOR release of DOOM2

        Say bye-bye HD

        The programmer of DOOM II DEATH is in no
        way affiliated with ID software.

        ID software is in no way affiliated with
        DOOM II DEATH.

Because of these texts, Tai-Pan.666 is also known as 
"DOOM II DEATH". Despite all the threats, Tai-Pan.666 
does not contain destructive routines or single the DOOM 
game out for its attacks.

Ironically, one avenue by which Tai-Pan.666 managed to 
spread was "DOOM II Mania #1", a CD-ROM disk featuring 
DOOM themes. The disk was published in the beginning of 
1995 by Tech Express Software. The company has now drawn 
the disk from the market.

F-PROT can detect and remove the Tai-Pan.666 virus.

The "POX ON YOU" -Trojan Horse
------------------------------
During the last few months, many PC users have been 
confronted with a mystical "Pox on you" -message which 
appears on the computer's display when the machine is
booted. When the matter was examined, the message was 
traced to an IDE driver file called CMD640X.SYS. The file 
comes with CMD PCI IDE drivers.

The message is not caused by a virus, nor has the 
original program file been tampered in any way. Rather, 
it seems that the driver's programmer has added a Trojan
Horse routine to CMD640X.SYS as a "joke".

CMD640X.SYS activates randomly. It keeps printing the 
following message on the screen for a while, after which 
it crashes the computer.

A poX oN yOu!! yoU wiLl bUrN iN tHe fiReS of HeLl!! A poX 
oN yOu!! yoU wiLl bUrN iN tHe fiReS of HeLl!! A poX oN 
yOu!! yoU wiLl bUrN iN tHe fiReS of HeLl!!

The only way to eliminate this nuisance is to install a 
sanitized version of the CMD driver into the computer.


News in Short
-------------

Form Strikes Again
------------------
Form, the most common virus in the world, is still going 
strong. The latest Form incident took place in 
Microsoft's developer meeting in London, during which a
Form-infected diskette was distributed to 160 developers. 
Luckily, the infection was noticed in time to warn all 
the people involved. At the moment it is still a mystery 
how the Form diskettes managed to slip past all the usual 
virus checks.

DE.EXE and Mange-Tout
---------------------
In the last Update Bulletin, we mentioned that 
preformatted 3.5" HD diskettes which contain a file 
called DE.EXE, infected by the Mange-Tout.1099 virus, 
have been found in the circulation. After that, diskettes 
which contain the same DE.EXE - but without the infection 
- have also been found.


F-PROT- Support Informs: Common Questions and Answers
-----------------------------------------------------

If you have questions about information security or virus 
prevention, contact your local F-PROT distributor. You 
can also contact Data Fellows directly in the number +358-
0-478 444.

Written questions can be mailed to:
Data Fellows Ltd
F-PROT Support
Paivantaite 8
FIN-02210 ESPOO
FINLAND

Questions can also be sent by electronic mail to: 
Internet: f-prot@datafellows.fi; X.400: S=F-PROT, OU1=DF, 
O=elma, P=inet, A=mailnet C=fi.

When I turned on my brand-new computer, the message 
"Chipaway virus enabled" flashed past during the boot-up. 
No viruses were found when I ran a virus check, however, 
and F-PROT's virus description database contains no
mention of a virus called Chipaway.

        Chipaway is not a virus, but an anti-virus program.
        It is included in the BIOS of some newer computers.
        The program's start-up message is, undeniably, a
        little bit confusing.

        F-PROT detected the PMBS virus in my computer's
        memory. I cold-booted my computer from a clean
        diskette and ran a virus check. For some reason,
        F-PROT identified the virus it found as
        Stealth_Boot.C. Why did the viruse's name change all
        of a sudden?

        When F-PROT detects a virus in the computer's
        memory, it does not perform a precise
        identification. Therefore, the name given by the
        memory check may not match that reported by the
        program's full scan. VIRSTOP does not perform a
        precise identification, either; however, the new
        F-PROT Gatekeeper - the F-PROT Professional for
        Windows active protection, does.

We use a Windows for Workgroups network, in which the 
network disks become visible to users only after Windows 
has been started. What is the easiest way to implement 
automatic updating of VIRSTOP or F-PROT Professional for 
Windows in this kind of an environment?

        Traditional, batch file -based methods for automatic
        updating function also in Windows for Workgroups
        networks. A more elegant solution, however, is to
        take advantage of our F-CMDW utility program. F-CMDW
        is a Windows program - with it, computers do not
        need to jump from Windows into a DOS session
        straight after logging in. F-CMDW functions also
        with Lan Manager's newer versions (in which users
        can log in from Windows).

        F-CMDW can be had for free from F-PROT Support.


Changes in F-PROT Professional version 2.17 
-------------------------------------------

F-ARC, a New Utility Program
----------------------------
F-ARC.EXE is a new utility program for scanning packed 
files. F-ARC locates archive files, extracts their 
contents by using your own unpacking software, and 
employs F-PROT to scan them for viruses.

F-ARC's syntax goes as follows:

        F-ARC [/ALL] [/LIST] <file|<drive>|<dir> ...

The explanations for the command parameters are:

        /ALL    Scan all files inside archives.
        /LIST   List all archive files in the log file.
        <file>  The archive file to be scanned. Only one file
                name can be specified if this parameter is used.
        <drive> The drive to be searched for archive files. It
                is possible to specify more than one drive.
        <dir>   The directory to be searched for archive files.
                It is possible to specify more than one directory.

Examples of F-ARC's use:

F-ARC /all c: d:	Scan all files in all archive files 
                        located in drives c: and d:.

F-ARC c:\foo\bar.zip	Scan for viruses inside the 
                        archive BAR.ZIP.

F-ARC's settings are stored in the file F-ARC.INI. The
various settings and their explanations are listed below:

[F-ARC]                        ;The files header.
scanner=c:\f-prot\f-prot.exe   ;The location of F-PROT.
append=0       ;Append to (1) or overwrite (0) the log file.
memscan=1      ;Start by scanning memory with F-PROT: yes (1)
               ;or no (0).
tmpdir=C:\F-TMP         ;The temporary storage location for
                        ;extracted files.
[Packer1]               ;Unpacking program number 1.
packer=c:\bin\arj.exe   ;The full pathname of the unpacking
                        ;program.
parms=x /y              ;Parameters for the unpacking program.
extension=.arj          ;The file extension of archive files which
                        ;can be extracted by using this program.

In F-ARC.INI, it is possible to specify up to five (5) 
different extraction programs. The log file used by F-ARC 
is called F-ARC.LOG.


Changes in F-PROT Professional for DOS
--------------------------------------

Major changes

The names of several viruses have been changed, and new 
names have been assigned to viruses which previously had 
only temporary names (names which started with an 
underscore). Some of these changes are due to changes in 
classification, some were made in order to make the 
naming system more regular.A couple of these renamings 
deserve a separate mention. "Jerusalem.Vtech" viruses are 
now known as "Jerusalem.HK" viruses - these viruses 
having nothing whatsoever to do with Vtech computers. For 
the same reason, the Prodigy virus has been renamed 
Glupak, and Coke has been renamed Coker.

Our definition for "invalid files" has been changed a 
bit. Previously, we used the same classification method 
as the DEBUG program - if DEBUG displayed "Error in EXE 
or HEX file" when attempting to load a file, F-PROT would 
give an "Invalid file" report of the same file. However, 
some of these "invalid" files will actually run, at least 
under some versions of DOS, and this is now taken into 
consideration.

The following problems have been found and corrected:

EXE files infected with the Astra.1010 virus were 
previously reported to have been infected by a "new or 
modified variant of Astra".

Files infected by the Zero_Hunter.415 virus were not 
disinfected correctly.

Some Leprosy.591- and Emmie.2620 -infected files were not 
identified correctly. Instead, they were reported as "New 
or modified variant of ...".

Sometimes, when reporting "companion" viruses, F-PROT 
would incorrectly add a message like "truncated (5273 
bytes missing)" to its report.

The following false alarms have been fixed:

If Heuristic Analysis was used, F-PROT gave false alarms 
of the files CDBENCH.EXE, DGKEY.COM and L2D.EXE.

PS7_IDC.DLL was flagged as a possible variant of Aurea.

Minor improvements and changes

Testing has revealed a problem, involving random memory 
errors, on some machines. This problem is not detected by 
parity checking. The problem is generally caused either 
by too few wait states or a faulty cache memory. This 
problem has so far been found only on 486/66- and 
Pentium/90 machines.This problem may have unpredictable 
effects on various programs, including F-PROT. It may 
cause the message "checksum error in SIGN.DEF" to be 
displayed, or corrupt search strings randomly, thus 
causing false positives or false negatives. F-PROT will 
now attempt to recognize this situation, by checksumming 
the search strings before and after scanning. If the 
checksums are not identical, a warning message will be 
displayed.

Changes in F-PROT for Windows
-----------------------------
F-PROT Gatekeeper has been added to the Windows version.

Communications manager initialization has been rewritten. 
This has the following consequences:

If the communication directory is not valid, F-PROT for 
Windows will no longer automatically erase the 
communication directory entry. Instead, it will simply 
not use the network features. When the network path 
becomes valid again, the network features are re-enabled.
	
F-PROT for Windows will allow communications directories
to be established on Workgroup drives.

F-PROT for Windows will not use the Seedword (Workgroup 
Name) in SEED.FP_ any more.	

The automatic search for communications directory has 
been removed.

Administrator's menu items "Read User Reports" and "Read
User Messages", as well as the "Read Bulletins" button, 
will be disabled when the network is unavailable.

Other changes:

F-PROT for Windows contained a bug which prevented task 
saving in the administration mode if users were not 
allowed to modify tasks. This has been fixed.

Memory scan has been slightly changed (an additional 
selector limit check is performed).

A check is performed when reports are read: F-PROT for 
Windows used to crash if the report file was corrupted in 
such a way that the number of reports was too big.

Quick Scan has been removed; all tasks are now executed 
by using Secure Scan. The Quick Scan option has been 
removed from the "Task Settings" dialog. Note that 
SCAN_Q.DLL is still needed, for it is used for fetching 
virus names into old reports made with Quick Scan. 
FPWINSC.DLL is not used any more, however.

The "All" and "New Only" buttons in the "Read Bulletins" 
dialog work properly now.

Reports which had been read with the program's previous
versions were not marked as "Read" in the "Read User 
Reports" dialog. This has been corrected.

The Disinfect/Rename/Delete confirmation dialog will now 
stay on screen for 15 minutes before closing 
automatically, instead of the 20 seconds it was open 
before.

The opening of the "Task Settings" dialog has been 
optimized. The dialog used to be especially slow to open 
in systems with many network drives; that was due to the 
fact that the volume labels of all drives were read 
separately every time the dialog was opened. Now, the 
volume labels are read only when the "Task Settings" 
dialog is opened for the first time; after that, the 
volume labels are stored in memory, from which they are 
retrieved the next time the dialog is opened. This 
behavior can be overridden by setting "nolabelcache" on 
the F-PROTW environment variable.

The "Read User Messages" function has been vastly 
optimized: it is up to ten times faster than before.

The "Read User Reports" function has been vastly 
optimized: it is up to ten times faster than before.

The startup of F-PROT for Windows has been optimized: 
launch takes up less time now.

Credits screen will be shown in the "About" dialog when 
F1 is pressed.

CFG/INI read- and write operations have been rewritten.
This should greatly benefit the OS/2 version. The new 
routines are now used in most cases for reading and 
writing F-PROTW.CFG, FPWNET.CFG and the task files.

The checkbox "[X] Notify at Startup if Invalid" has been 
added to the Network preferences. If it is not checked, 
neither F-PROT for Windows nor F-Agent will display an 
error message at startup if the communications directory 
is inaccessible. The checkbox is not checked by default.

When F-PROT for Windows is receiving bulletins, the 
mouse's pointer turns into an hourglass.

F-PROT for Windows used to display an error message box 
if a remote CD-ROM drive was not ready when network scans 
were performed; this had the tendency to interrupt 
scheduled network scans. This error message has been 
removed. Now, the program will only write the message 
"ERROR READING DRIVE d:" to the report, and the scan can 
continue uninterrupted.

New Viruses Detected by F-PROT 2.17
-----------------------------------
The following 77 viruses are now identified, but can not 
be removed as they overwrite or corrupt infected files. 
Some of them were detected by earlier versions of F-PROT, 
but not identified accurately.

_1792
Anarchy
Assassin.952
Assassin.959
Belorussia
Burger.441.C
Burger.560.AW
Burger.560.AX
Burger.560.AY
Burger.560.AZ
Burger.560.BA
Burma.442.C
Burma.442.D
Consumed
Demand.666.B
Demand.789.B
DS
HLLO.4240
HLLO.8608
HLLO.Hepatitus
HLLO.Joker.B
HLLO.Number_1.E
HLLO.Tyst
HLLO.Virms
IVP.200
IVP.365
IVP.374
IVP.478
Leprosy.573
Leprosy.666.I
Leprosy.666.L
Leprosy.666.N
Leprosy.1306
Leprosy.47857
Leprosy.Lubec
Leprosy.Skism.808.E
Lseek
Material
Milan.WWT.125.D
Mr_Twister
Necropolis.D
Ooops
Over1644
Radish.8444
Radish.8466
SillyOR.131
Simple_Minded.123
Simple_Minded.207
Sum
TheDraw
Trivial.27.B
Trivial.30.I
Trivial.32.C
Trivial.33.B
Trivial.42.H
Trivial.45.F
Trivial.46.B
Trivial.75
Trivial.82
Trivial.92
Trivial.99
Trivial.157
Trivial.346
Trivial.579
Trivial.Tom
VCL.288
VCL.302
VCL.457
VCL.1297
VCL.Fire
VCL.Mindless.423.D
VCL.Mindless.423.E
VCL.Mindless.423.F
VCL.Mindless.423.G
VCL.Monet.267
VCL.Monet.466 and
VCL.Viral_Messiah.705
Zero-to-O.C

The following 372 new viruses can now be removed. Many of 
them were detected by earlier versions, but are now 
identified accurately.

_376
_490
_535
_1054
_1125
_3120
Alex_II
Alex&Solo
Andreew
AntiCad.4096.K
Anticheck
AntiPascal_II.400.B
ARCV.Ice-9.639.B
Arjworm
Armagedon.1079.F
Austr_Parasite.543
Ash.280.B
Baba.350
Better_World.F
Blue_Nine.A
Blue_Nine.B
BootExe.203
BootExe.204
Breaking.B
BW.371
Cascade.1701.AC
Cascade.1701.AE
Cascade.1701.AF
Cascade.1704.AA
Cascade.1704.AB
Catscratch
Cavaco
Chaos.1181.L
Charm
Cholera.A
Cholera.B
CLME.1952
Clonewar.923.D
Cpxk.B
CSF
Danish_Tiny.263
Dark_Avenger.1800.N
Dark_Avenger.1800.O
Dark_Avenger.2000.Satan
Deathboy.640
Dead.1374
Deaf.1119
Dei.1948
Demand
Dennis.689
Diamond.1024.C
Digress
Drunk
DSU.1414
DSU.1422
Eader
Ear.Ear.1024.C
Ear.Ear.1026
Easy
Emmie.2702
Este
Exp.1617
Exp.1619
F-soft.633
F-soft.656
Faerie.286.A
Faerie.286.B
Faillure
Father_Mac.269
Father_Christmas
Fewster
Firewalk
Five_days
Flip.2153.F
Flip.2153.I
Form.F
Galya
Gambler
Gidra.502
Ginger.2624
Gippo.Stunning.B
Glitch.449
Good_Doctor
Gotcha.828
Gotcha.1778
Grazie.859
Grazie.1361.C
Grog.216
Grog.926
Grunt.344
Gysium
H_Andromeda.725
Helloween.1160
Hellspawn.1071
Hermanos.2015
HLL.3779
HLL.4075
HLL.4568
HLL.4984
HLL.8304
HLL.Birthday.5824
HLL.Birthday.7808
HLL.Linda
HLL.RSW
HLL.Rust
HLLC.8736
HLLC.14880
HLLC.1769.B
HLLC.Enrico
HLLC.Unvisible.A
HLLC.Unvisible.B
HS.903
Icelandic.1600
Intruder.1336
Intruder.1353
Inv-evil.769
Int78.B
IT.462
IVP.705
IVP.803
IVP.927
IVP.Bad_Friday
IVP.Silo
IVP.Thursday
J&M.B
Jaat
Jerusalem.1808.Blank.D
Jerusalem.1808.Zeros
Jerusalem.2000
Jerusalem.2465
Jerusalem.2472
Jerusalem.AntiCad.2900.ABT.B 
Jerusalem.Fu_Manchu.C 
Jerusalem.Maroccan
Jerusalem.PSQR.D
Jerusalem.Sunday.O
John
Jtemp
Kaos.C
Keyboard-bug.1568
Keypress.935
Keypress.995
Keypress.1232.O
Keypress.1232.P
Keypress.1266
Kela.1171
Kela.1735
Kela.1904
Kela.2520
Kela.2530
Keybug.1268
Khiznjak.692.B
Khiznjak.719
Khiznjak.731
Khiznjak.749
Khiznjak.765
Khiznjak.823
Khiznjak.846
Khiznjak.1269
Kid.434
Kiwi.512
Klubb
Krad
Kyokushinkai.2048.A
Kyokushinkai.3072
Leath
Lehigh.B
Lemming.2151
Lesson_I.300
Letter_H
Little.B
Loki.1228
Lubek
Lyceum.944
Lyceum.1800
Magda
MegaS
Metal.400
Micro.B
Mirea.925
Mirea.950
Mirea.1953
Mirea.1962
MMIR.279
MMIR.421.B
Mooc
Mr_Gu.545
Multiflu.791
Multiplex.815
Murphy.Pest.B
Murphy.Tormentor.1072.C
My_Child.B
Natas.4774
New_Year
Ng.706
Ng.914
Ng.1036
Night_knight
Ninety_two
Nr
Ohm
Orchid.351
Overdoze.470
Overdoze.472
P&C
Patoruzu
Peep
PDV
Pixel.850.B
Polonaise
Powertrip
Press.B
Prodigy
Proto-T.599.B
Proto-T.602
Proto-T.654
PS-MPC.310
PS-MPC.311.B
PS-MPC.388
PS-MPC.430
PS-MPC.441
PS-MPC.487
PS-MPC.480
PS-MPC.504
PS-MPC.510
PS-MPC.517
PS-MPC.564.C
PS-MPC.564.D
PS-MPC.565.I
PS-MPC.574.F
PS-MPC.578.N
PS-MPC.578.O
PS-MPC.578.P
PS-MPC.578.Q
PS-MPC.598.D
PS-MPC.598.E
PS-MPC.598.F
PS-MPC.606.G
PS-MPC.1295
PS-MPC.DemoExe.32947
PS-MPC.Dork
PS-MPC.G2.Puppet
PS-MPC.G2.Stargate
PS-MPC.HD
PS-MPC.Mema.1187
PS-MPC.Mema.1201
PS-MPC.Mema.1203
PS-MPC.Mema.1217
PS-MPC.Mercenary
PS-MPC.Payrise.874
PS-MPC.Shrimp
PS-MPC.Snort
PS-MPC.Weak
Pure.440
Quarry
Rajaat.287
Rajaat.443
Rajaat.679
Rajaat.700
Realize
Red_October
Reedcat
Republic
Rescue
Retix
Rodolf
Sandy.1107
Satyricon.355
Sauron_II
Scratch.374
Shirley.C
Shizol
SillyC.96
SillyC.128
SillyC.144
SillyC.169.B
SillyC.179
SillyC.190
SillyC.215.B
SillyC.264
SillyC.302
SillyC.331
SillyC.343
SillyC.498
SillyC.563
SillyC.626
SillyCR.76
SillyCR.80
SillyCR.125
SillyCR.130
SillyCR.131
SillyCR.200
SillyCR.239
SillyCR.240
SillyCR.261
SillyCR.264
SillyCR.330
SillyCR.357
SillyCR.563
SillyCER.307
SillyER.323
Simplex.504
Simplex.507
Sink
Siskin.763
Sistor.2605
Slava
Small_comp.89
Sofia_Term.899
Soldier
Sql
SRP.2264
Stinkfoot.1283.A
Stinkfoot.1283.B
Sylvia.1332.F
Syslock.Syslock.F
Tai-Pan.434
Tamsui.19033
Tokyo.1068
Traceback.2930.B
Trakia.653
Trash
Trash_soft
Try
Tver.532
Twisted.239
Twisted.461
Union
Ussr-414
UTA
Uucckk
Uvjan
V-160.164
VBasic.G
VCL.208
VCL.279
VCL.315
VCL.316
VCL.342
VCL.Anston.B
VCL.Bev.516.B
VCL.Catholic
VCL.Code_Zero.652.B
VCL.Genesis.738
VCL.Grail
VCL.Heevahava.520
VCL.Lobo
VCL.Pleasure
VCM
Vcode
Vienna.486
Vienna.620
Vienna.648.AF
Vienna.BNB.K
Vienna.BNB.L
Vienna.Violator.5305
Viv
Vor.1536.A
Vor.1536.B
Vor.1536.C
Vor.1584
Wally.981
Wart
WMA
Write
XAM_II
Yankee-Doodle.TP.44.E
YB.402
Zero_Hunter.415.B
Zero_Hunter.415.C
Zero_Hunter.415.D
Zielona

The following 171 new viruses are now detected and 
identified but can not yet be removed.

_1685
2-up
4On
AC
Annihilator.272
Annihilator.304
Annihilator.357
Annihilator.379
Annihilator.390
Annihilator.412
Annihilator.711
Anston.1782
Antipode
Attitude.827
Australian_Parasite.Split.1033
Australian_Parasite.Split.1035
Backform.A
Backform.B
Badcommand
Ball
Beer.3192.B
Bettle
Blackhack
BoxBox
Bug
BW.474
Cannibal
CHCC.1428
CLI&HLT
Congrats.918
CorpLife
Cybertech.552
D-K
Daemaen.2041
Dalian
DBF.990
DBF.1115
Deathboy.893
Deathboy.912
Deathboy.931
Deathboy.937
Dementia
DIR-II.1024.E
DIR-II.1024.J
DIR-II.2048
DIS
Dodger
Drug
E-Morph
Emmie.2604
Emmie.2823
Emmie.3097
Eternity.410
Eternity.411
Eternity.562
Eternity.599
Exterminator
Father_Mac.289
Father_Mac.303
Father_Mac.789
Father_Mac.836
Father_Mac.1360
Father_Mac.1455
Father_Mac.1470
Father_Mac.1495
Father_Mac.1496
FF_char
Fraud.600
Fraud.666
Girls
Ha!.1224
Halka
Hello.615
Hello.640
Hello.720
Hellspawn.Gif.681
Hermanos.27773
HLL.3677.B
HLL.4942
HLL.5000
HLL.LouLou
Hnyslov
Honey.1029
I_am
Ieronim_III
Inquis
IVP.510
IVP.665
IVP.766
IVP.811
IVP.827
IVP.874
IVP.886
IVP.939
IVP.974
IVP.2316
Kela.823
Keyboard_bug.2262
Keypress.1000
Khai
Khiznjak.515
Khiznjak.565
Khiznjak.1011
Konkoor.1933
KSV
Leech.1025
Leech.1026
Legozz
Loren.1374
Megabug
Mirror_II
Miss_D
Monte_Carlo.1483
Monte_Carlo.1541
Mut-int.694
No_of_the_Beast.Z
Nocopy.3685
NRLG.666
NRLG.755
NRLG.813
NRLG.824
NRLG.853
NRLG.865
NRLG.901
NRLG.964
NRLG.985
NRLG.1001
NRLG.1007
NRLG.1009
Orchid.311
Ostap
Otti
PCBB.1679
PCBB.3072.A
PCBB.3072.B
PD
Pfeifer
Phyton
Pinky.1124
Poison
Pollution.822
Predator.1072.B
Prime.1164
PS-MPC.DK.693
Psychosis.1195
Pyramid
Renegade
Rest
RMNS.736.B
Robal
Ryazan.B
Sabados
Scramble.1203
Scramble.1253
Scramble.1256
Screaming_Fist.512
Sentinel.4636.B
Shatin
Skater.673
Tina
TS.1200
TS.1235
TS.1418
Tver.776
VCL.511
VCL.2037
VCL.Genocide.952
VCL.Genocide.981
Verb
Vic.793
Vinchuca
Vinnitsa.1620
Vinnitsa.1658
Vodka
VVF.1868
Wasp.623
Wasp.903
Wormsign
Zherkov.2269
Zipper

The following 16 new viruses are now detected, but not 
identified. F-PROT will just report the family name with 
a (?), as it is not yet able to determine which variant 
it is dealing with. Disinfection of these viruses is not 
yes possible.

DSME.Apex
DSME.Connie.B
DSME.Demo
DSME.Teacher
Minosse
Mombasa
Mutagen.0_90.Agent
Mutagen.0_95.Agent
Mutagen.1_00.Agent
Mutagen.1_00.Secret
Mutagen.1_10.Agent.A
Mutagen.1_10.Agent.B
Mutagen.1_10.Hitek
S-bug.Fruitfly
Scacchi.Bishop
Scacchi.Rook

The following 1 viruses which were identified by earlier 
versions can now be removed.

Singapore

Over 120 viruses have been renamed.

------------------------------------------------------------------------------
F-PROT Professional 2.17 Update Bulletin
========================================
Data Fellows Ltd, Paivantaite 8, FIN-02210 ESPOO, Finland
Tel. +358-0-478 444, Fax +358-0-478 44 599, E-mail: f-prot@datafellows.fi

This material can be freely quoted in Europe, Africa and Asia when
the source, F-PROT Professional Update Bulletin 2.17 is mentioned.
Copyright (c) 1995 Data Fellows Ltd.
