system@syzzle.chi.il.us (SYSTEM 0PERATOR) (03/19/91)
A friend has run accross this copy of pkz110.exe which was infected with the Sunday virus (also know as Israeli/Jerusalem virus). It was the same size as a non-infected version. The particulars follow: pkz110.exe 149219 3-22-90 12:38 pkunzip -t pkz110.exe shows the following: PKUNZIP (R) FAST! Extract Utility Version 1.1 03-15-90 Copr. 1989-1990 PKWARE Inc. All Rights Reserved. PKUNZIP/h for help PKUNZIP Reg. U.S. Pat. and Tm. Off. Searching ZIP: PKZ110.EXE PKUNZIP: Warning! inconsistent local header for file: WHATSNEW.110 Testing: WHATSNEW.110 PKUNZIP: Warning! file fails CRC check Testing: README.DOC OK -AV Testing: MANUAL.DOC OK -AV Testing: ADDENDUM.DOC OK -AV Testing: DEDICATE.DOC OK -AV Testing: LICENSE.DOC OK -AV Testing: ORDER.DOC OK -AV Testing: APPNOTE.TXT OK -AV Testing: AUTHVERI.FRM OK -AV Testing: OMBUDSMN.ASP OK -AV Testing: PKZIP.EXE OK -AV Testing: PKUNZIP.EXE OK -AV Testing: ZIP2EXE.EXE OK -AV Testing: PKZIPFIX.EXE OK -AV Testing: PUTAV.EXE OK -AV PKZ110.EXE has errors! Running f-fchk.exe from the F-Prot virus package shows: F-FCHK Checks files for infection Version 1.14 - Jan. '91 \PKZ110.EXE \PKZ110.EXE Infection: Israeli/Jerusalem Disinfect ?N Number of files checked: 1 Infected files: 1 Infections removed: 0 When trying to run pkz110.exe with the f-driver.sys installed, This program is infected with the Jerusalem virus. Access denied "a:\pkz110.exe" If nothing else, this should serve to demonstrate the value of the various virus protection packages (both SCAN.EXE and F-FCHK.EXE identified the virus), and that it is worth paying attention to the Authenticity-Verification of any archive (ZIP) files. +---------------------------------+----------------------------+ | Al Oomens awol@syzzle.chi.il.us | Simplicity is the ultimate | | This space for rent!!!!!!!!! | form of sophistication! | +---------------------------------+----------------------------+