Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!uwm.edu!uakari.primate.wisc.edu!polyslo!vlsi3b15!vax1.cc.lehigh.edu!sei.cmu.edu!krvw From: ttidca.TTI.COM!hollombe%sdcsvax@ucsd.edu (The Polymath) Newsgroups: comp.virus Subject: Re: October 12/13 (PC) Message-ID: <0009.8909281133.AA14331@ge.sei.cmu.edu> Date: 26 Sep 89 19:07:49 GMT Sender: Virus Discussion ListLines: 30 Approved: krvw@sei.cmu.edu In article <0006.8909251230.AA29228@ge.sei.cmu.edu> ttidca.TTI.COM!hollombe%sdc svax@ucsd.edu (The Polymath) writes: }}I'm the editor of our university's computing newletter. I need to }}know how users can detect the October 12/13 virus ahead of time. Is }}there a way at all? ... } }How about backing up the hard disk, then setting the system date ahead to }October 13 and re-booting? Since posting this, I've been advised that some viruses are designed to detect and avoid this test. They do so by keeping track of date increments to make sure they occur one day at a time. Typically, they store a week's worth of dates, possibly more. Assuming a one week buffer, you'd have to implement the sequence "increment date, re-boot, run infected program" at least 8 times to bypass such a check. It's getting nasty out there. }[Ed. Sounds (to me) kind of like testing to see if the mines in an }inert minefield are "ert" by having someone walk through it. :-)] I did say to back up the hard drive first. That way you can resurrect your mine tester if it happens to step on an "ert" mine. (-: The Polymath (aka: Jerry Hollombe, hollombe@ttidca.tti.com) Illegitimis non Citicorp(+)TTI Carborundum 3100 Ocean Park Blvd. (213) 452-9191, x2483 Santa Monica, CA 90405 {csun|philabs|psivax}!ttidca!hollombe