SLAM4.011: McAfee hates HLL viruses by KidChaos/SLAM
McAfee hates HLLT viruses
By Kid Chaos [SLAM]
Heya buddies ;) i am surfing every day on Antivirus Web Pages and I found this comment at the following URL:
http://support.nai.com/Forums/Thread.cfm?CFApp=21&Thread_ID=2895&mc=2
Date: April 19, 1998 08:46 PM
Author: Lou Sabovic (LSABOVIC@EXECPC.COM)
Subject: Rusty Bug & CaSio USA
We were having a problem with a computer at a client's office. Have come to find out that his son was trying to learn how to "make a virus" by disabling VirusScan and downloading as many different viruses he could find. Things got away from him and the computer began to have load problems.
When I got involved, I clean booted and used Virus Scan. It identified and cleaned 84 different viruses. (Yes, that was eighty - four). After clean boot I started WIN95 and began having problems. No CDROM was identified, the AUTOEXEC and CONFIG files were changed. A "Safe Boot" worked only once after which I got a 3x5 white box with the following inside it.
"Rusty Bug...........................CaSio USA". Now I can not get any of the floppy drives to work for a clean boot. The system boots goes through a load of some type, and, tells me that there is insufficient memory and either locks or leaves me at a C prompt. I can't interrupt the load with control C or control break. Sometimes at the C prompt I can do a dir and access some of the drive. It won't let me run SCAN ! Any idea's short of
FDISK and re-install. Thanks Lou
(http://support.nai.com/Forums/Index.cfm?CFApp=21&Message_ID=12208)
Date: April 22, 1998 11:30 AM
Author: Keith @ TechSupport (support@mcafee.com)
Subject: hllt
This virus is a com/exe infector. It can only spread by executing a file that it has infected. The only way to clean this virus out is to DELETE THE FILE it is infecting and replace the file with a backup.
The only way I can see that this would keep you from booting is if it infected any of your startup commands. There is something else keeping you from booting, I doubt it is a virus.
The floppy drives are not affected by any loaded programs. I would check the system bios and make sure that the floppy drive A: is set to boot first before the C: drive.
Network Associates Online Support
(http://support.nai.com/Forums/Index.cfm?CFApp=21&Message_ID=12599)
Hehehe :-), imagine... you have to backup all your programs, because McAfee can't remove the Rustybug & Krile virus families (viruses created by RAiD/SLAM written in ASIC)... That's hard work excepting the situation when you got a better AntiVirus or you've bought a good Backup program.... }:-D
What happened to McAfee guys?...err, NAI guys (yep, i remember that they merged at network associates). They still have problems cleaning HLLT viruses. I've tested RustyBug variant of 5330 bytes and other AVs like AVP are able to detect & remove it. On the other hand, McAfee just shows: "no current remover available"! pfff...(I've tested it with the latest VirusScan 3.16 and latest datafile 3104)
Nowadays, an efficient antivirus needs to detect and remove every present virus. In our "almighty" Internet, viruses are a threath, because you can easily send via e-mail an infected program O:-) .
PS: Don't forget that RAiD's viruses are able to infect Windows and DOS files.
Regards
KC [SLAM]
