Contents of the README file
By Jason Mathews, November 1991
This program finds and identifies filename conflicts,
which may be potential worm programs.
Compile this program with Turbo C with the following command:
tcc -O findworm.c
Use -O for optimization.
Type "FINDWORM [d:]", where d: is the drive to search for
Definition:A worm is a self-replicating, autonomous program (or set of
programs) that can replicate itself, usually over a network.
A worm is a complete program by itself unlike a virus which
is part of another program.
This program searches for worms that attach themselves to a specific
host executable program, such as the "Aids II Companion Virus". This "virus"
exploits the fact that .COM files have precedence over .EXE files. If two
programs, such as test.exe and test.com, are in the same directory then
test.com is executed because it has precedence over test.exe. A worm can
therefore duplicate .COM files that act as companions to corresponding .EXE
files. The worm .COM file will be executed first, which can first duplicate
itself to override another .EXE file and then spawn the .EXE program process.
The .EXE program behaves as normal because it is no affected in any way, but
the .COM file is allowed to run first. The worm program completes it mischief
before giving control to the original requested program.
FINDWORMS will search for every .COM file and check if there is a
matching ".EXE" in the same directory. These ".EXE" files are overridden by
the corresponding ".COM" program. This ".COM" programs are detected and
displayed. Regardless of whether these programs are worms, there still exists
a conflict between these programs. It may just be some program that was
installed with the same name. For instance, there may be many install.com and
install.exe files throughout the disk.
If there are many hidden ".COM" files with the file length then it is
most probable that they are worms. Carefully check all programs before
deleting anything. First rename, either the .COM filename or the .EXE
filename to something else, and then re-run both files, starting with the .EXE.
If the .COM file is a worm then it will not have the companion host .EXE to
execute and may cause errors.