Eyes.EXE False Alarm
EYES.EXE or WINEYES.EXE caused alarms similar to GHOST and SHEEP: it's a simple demo program which has created
a lot of warnings. This program was analysed and found harmless.
EYES.EXE false alarm
Naturally, whenever any program is declared clean, there's a risk
that somebody will take the file and infect it - since people
will now trust it. To overcome this problem, you can verify the
files against the 32-bit CRC's of the confirmed clean versions
(as displayed by PKUNZIP):
Length
Method Size Ratio Date Time CRC-32 Attr Name ------ ------ -----
----- ---- ---- -------- ---- ---- 317792 DeflatN 117014 64% 09-12-96
08:25 683ae9da --w- SHEEP.EXE 317088 DeflatN 116749 64% 03-12-96
22:17 3662678a --w- SCMPOO16.EXE 28096 DeflatN 14145 50% 30-10-96
13:20 5dce8738 --w- GHOST.EXE 28064 DeflatN 14142 50% 13-11-96
13:45 a6839c30 --w- GHOST2.EXE 28065 DeflatX 14121 50% 11-22-96
12:11 f47d5cbd --w- GHOST3.EXE 54048 DeflatX 9157 84% 11-15-96
14:42 ba2cda0b --w- EYES.EXE ------ ------ --- -------
Read this: As speculated above, a malicious person can easily
infect any of these programs and make them harmful. In June 1997,
we received a samples of the above SHEEP.EXE infected with the
Windows-based Tentacle virus.
Here's the CRC of the infected version (as displayed by PKUNZIP):
Length Method Size Ratio Date Time CRC-32 Attr Name
------ ------ ----- ----- ---- ---- -------- ---- ----
319750 DeflatN 118568 63% 26-06-97 18:16 60a4617a --w- ESHEEP.EXE
------ ------ --- -------
*********************************
List
of known hoaxes:
A B C D E F G H I J K L M N O P Q R S T U V X Y Z
Welcome to my hoax section
if you encounter a message about a virus please send
to [email protected] or call me on ICQ#22015420
I
do not spread hoaxes! these pages are simply to inform
other users that they are hoaxes. Please to not spread
hoaxes. Hoax warnings are typically scare alerts started
by malicious people - and passed on by innocent users
who think they are helping the community by spreading
the warning.
Do
not forward hoax messages. There have been cases where
e-mail systems have collapsed after dozens of users
forwarded a false alert to everybody in the company.
Corporate users can get rid of the hoax problem by simply
setting a strict company guideline: End users must
not forward virus alarms. Ever. If such message is received, end users could forward it to the IT department
but not to anyone else.
|
