(6936) Mon 3 Dec 90 22:44 By: Jim Heinrich To: Windows Users Re: Virus Warning St: Sent ------------------------------------------------------------ @MSGID: 1:152/25 c196be38 The following appeared in the Windows Echo and was forwarded to me from Carl Best (There are a couple of places where it got a little garbled, but the message is clear enough). ............. ............................................... Msg Base: #12 - MICROSOFT WINDOWS USERS ECHO (E10/099) Msg No: 840. Sun 11-11-90 10:09 From: Linda Tyjewski To: All Subject: Passing the word along... . From another sysop: ------------------ . Well, I finally got hit. Even though I check all my files thoroughly with Virus checkers, after three years of running a BBS, I finally got hit. . I've narrowed the culprit down to two files, ICONDR.ZIP and WINCHK.ZIP. Even though both of these files have passed all my virus scans, I still believe one of these files (probably WINCHK) to be the one with the virus attached. I have, threfore, removed both these files from my download areas. Both of the files are Windows 3.0 applications. . The machine this virus hit was my 386/20 at work where I'm checking out Windows 3.0 as a possible environment for certain users. My other two machines, including this one, have not been affected. . Why am I sure that It was a virus? The virus messed up my system in the following ways: . - replaced my system boot files (IBMDOS & IBMBIOS) with faulty versions which would not boot nor would they allow writing to the 60 meg hard disk. The replacement files were dated 00/26/80. - rewrote my CMOS so it said I had a 'NEW PRODUCT' video card and screen - even though I have a VGA screen and card. - found all .EXE and h o them out, making .e the FAT. Sorry Jim, looks like it got garbled here. Wn t, fT did not match. - screwed up many of three making themdew - made the disk wre - went into all the .ZIPossna .COM files and thltat .. More damage could have occured had I not sensed that something was wrong Although some of the items above cd c sr operator error, many of the ii ie. The last two files I had loaded and run on my systew WINCHECK. The only fi nr . both files on previouss . I called the 800 number listed on WINCHECK and tako The version I was usin0ce impression is that the sc e introduced later.Tnnvoi attacks dealing with tho. I pass this information along so that you can be aware t meant to be a scare tatnaca foolproof and thatsrpges who get their kicks ts. I'll let you know if I find out anything further. . There's also a trojan being uploaded under the guise of a new version of SCANVxx. Latest McAfee official release is SCANV67C....the trojan is being uploaded as SCANV70....always some nut wanting to spoil things for everyone else. --- Sorry about the mess above^, the scariest part about the virus that is going around in winchk 1.0 is that it apparently looks for .ZIP files, and unzips all the .exe's and com's, inserts itself into them and re-zips them Also he said it trashed all the coms and exes on his system, created a bunch of dummy, hidden files, and some other mischief. NASTY The person who reported this said there probably would have been more damage, except that he became very suspicious when his system went into a long disk access (very long, I think) when he exited windows, and he turned the power off. Apparently the virus scanner that he ran didn't catch this one. bye.....cb --- QuickBBS 2.64 (Reg) @SEEN-BY 152/2 3 4 5 6 7 8 10 12 15 16 19 21 23 24 25 26 27 29 30 34 @SEEN-BY 152/35 36 37 38 69 77 15225/1 @PATH: 152/25 3 * Origin: We've the best politicians money can buy! (1:152/25)