I may be wrong here, but are you saying that the example you wrote
below will run as a batch file?!!

What I said in my first post was that he was writing a batch file for
network usage.  I don't remember the exact F-Prot warning, but I do
remember it had to do with a "backdoor" type warning.  I then said it
was probably due to a heuristic view of his network commands.

You can print out a virus exe file into ascii, but that doesn't make
it a batch file.  And since I said and ascii batch file cannot contain
a virus, I still don't think I've been proven wrong.   And escape
sequences are not batch files either.  They need/utilize other
executable files or internal operating system functions to work.

I (just like I'm sure you or Jasen could) right a simple debug script
in simple Assembly to erase a hard drive right here in the next couple
of lines of this message.  BUT WOULD THIS POSTING THEN BE CALLED A
VIRUS????????  Of course not.  And it's not about symantics.  If it
doesn't have stripes, it can't be a zebra.  


Wed, 17 Dec 2003 11:15:18 -0500, MIKE ROSS wrote:


> "GREG PAKSI" bravely wrote to "JASEN BETTS" (17
Dec 03  00:01:44)
>  --- on the heady topic of "Re: Batch file virus ???"
> 
>  GP> Notice I said "ASCII" batch file.  There isn't a way
for anthing to be
>  GP> encoded.   No special control characters for machine language of any
>  GP> sort.
> 
> Jasen Betts is absolutely right, there is! Here is an example:
> 
> XPPPYZIQD[L-f6-g41GDSCu*SXK,I,IP^P_FX,O,O(GS(GU(GZ(Gnu+J.BETTS03
> CFFFRX,`,`2$F={at}!t|rQ0%IuL0%(%(%GERYAARX2%(%t8++j=B|:|>{at}J|(|-([{{at}
>
*[{)B}(:/jB&B/&J){{at}J|(}-([{{at}]-B{at}*{at}*|--|J^*|J:]}J}<{~""B]}(={
>
B\:]B"([*-!4vbAw_O>^*W_+>eXBO33%%X7po'7,Tg({at}b0\&(\){
> [10:j{[3sQ=$H+E$Z;=P(%:"#-=LORES=-
> 
> 
> This sample "_executable_ ASCII" .COM program called
LORES.COM, will set
> the screen to display text using a large letter font. BTW IIRC it was
> likely Jasen who posted it in another FIDO echo.
> 
> BUT this type of ASCII encoding isn't the only way to spread a virus.
> There are others I know of. One for example uses ANSI escape sequences
> to reprogram your keyboard keypresses with macros that may totally
> destroy your harddisk. I'm not detailing it however but I ran a simpler
> much less dangerous test with a friend sysop and completely locked out
> his system requiring a hard power down reset! All I had done was to post
> a short half dozen byte ANSI sequence as reply in a message area. ;-)
> 
>  Mike
>  ****
> 
> .. When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.
> --- Blue Wave/DOS v2.30
--- Platinum Xpress/Win/WINServer v3.0pr5a