=========================================================================
Date: 10-22-92 (02:27)              Number: 2551
From: SYSOP                         Refer#: NONE
  To: ALL                           Recvd: YES
Subj: PROTO-T VIRUS!!!!!            Conf: (1) Ecstasy
-------------------------------------------------------------------------

<< This message has been condensed and some names have been deleted. I heard of this first hand on some of my LD travels. I am posting this for informational purposes only. Do take precautions..... >>

This is a quoted message regarding the MOST SCARY virus to date..

This is an exact copy of a "Broadcast" letter sent to all members and affiliates of (deleted); a group located somewhere in the San Francisco Bay Area. While I do not support the general theology of ((deleted)) Inc, I must applaud their actions. Their warnings about a new virus called PROTO-T will potentially save us computer users possibly thousands of dollars - and hundreds of man hours.

Here is a copy of the broadcast letter, as received from a friend at ((deleted)) ...

<<*>> <<*>> <<*>> <<*>> <<*>> <<*>> <<*>>

Date  : 9\24\92 11:14pm
To    : All ((deleted)) Members, and affil.
Re    : PROTO - T
Class : Confidential (go public 9-26)

Dear Members,

At 7:34PM (pst) our attempt to isolate and contain the PROTO - T virus failed. As we have discovered, PROTO - T has a *VERY* unique feature, to hide in the RAM of VGA cards, hard disks, and possibly, in modem buffers. Unfortunately, we found out the hard way - after it struck.

At this time, there is no known defence against this virus, save formatting your hard\floppy disks - there isn't even a method of detecting it yet...until it's too late. [ PROTO - T specs listed later ].

(deleted) ( Portland, Oregon ), and (deleted) ( Alameda, Calif ) were working on isolating the virus when it struck. Over 900 megabytes of information was lost, of that about 214 megabytes is probably recoverable.

Action : Please assist us in implementing this plan, to warn the general public.
Our first priority is our fellow ((deleted)) members. Please distribute this letter to all contacts inside the U.S., upon receipt of this letter. Please inform the public on 9-26-92 notifying all P.D. boards.

--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=

What is known:

Proto - T was just a rumor, until it was confirmed a few weeks ago. (deleted), being the most incredible skip-tracer, traced its origins to a college campus in California. There, it was placed into two files. The first, is a file called "TEMPLE" - which to our knowledge, has no legitimate use; it seems to be a dummy file. The other file, was placed in an unauthorized version of PKZip by PKWare ( versions 3.0, and 3.1 - these are not legitimate versions of PKZip! Quite possibly, these versions of PKZip were created, for the reason of distributing PROTO - T ).

Proto - T is very elusive. There is no program known to detect it. From what we understand, it will only infect your system if certain conditions are met. From what we know, it will infect your system only if you run TEMPLE, or PKZip 3.x after 6:00pm. Even doing that won't necessarily cause infection - it took 6 days for (deleted) and (deleted) to become infected. Obviously some other criteria must be met.

Upon infection, the virus is written (as un-attached file chains), on two parts of a hard disk - each capable of running independently without the other half. After infection, the virus seems to be written into the memory or memory routines of a VGA or EGA monitor; or is written into the memory of the hard drive, or quite possibly, into a modem - or COM port. Thus escaping most or any known detection methods.

PROTO - T :

Proto - T when activated, corrupts data on a disk, stops VGA or EGA from being used ( Thus either defaulting to CGA, or locking up ), and prohibits memory from being used over 512K.

Known to be put into two files : TEMPLE.EXE ( 14,771 Bytes ) and PKZip 3.x (Varies always over 100,000 bytes when zipped).
If you see these files - do not get or use them.

Give this letter to all ((deleted)) members and their contacts, followed by other boards. With luck, we can stop the damage before it *REALLY* starts.

(deleted), San Francisco Bay Area.

Special Thanks for (deleted), (deleted), and Blue Boar for all their help with this "Early warning" and tech help.

---
 ■ Via ProDoor 3.4R
 2 Nodes, 3 Gigs, 2 Bad....Node' Tres'
 ■ QNet3ß ■ Us NetMail