doc@holin.ATT.COM (David Mundhenk) (01/13/89)
This is a portion of the output from "chk4bomb.exe" when run on "trek.exe" from the recent "egatrek" posting in comp.binaries.ibm.pc. Several of us here think this is a little suspicious and would like some other opinions on this, possibly even from the author. The part "dir c:\*.exe...." is strange, to say the least. Any explanations? ################################################################# [] CHECKING FOR BOMBS AND ASCII CHARACTERS IN FILE TREK.EXE. [] [] Note that some machine code will print as ASCII characters and [] appear as gibberish....other ASCII strings in the program will [] be readable. Most programs have the code first, followed by data. [] [] CHECKING 147120 BYTES [] [] EXE file...skipping header of 15024 bytes. [] [] [....stuff deleted...] [] [] EGA Trek [] NCC-17018Hint: Never warp with your shields up. It wastes energy. [] Live long and prosper.)Hint: Always use PhoTorps at close range. [] ;May the great bird of the galaxy roost on your home planet. [] :Hint: Mine for spare dilithium crystals whenever possible.U [] @RSP [] @RSP [] C:\> dir *.exe [] Volume in drive C is HARDDISK [] Directory of C:\ [] 'TSRTEST EXE 7520 12-01-87 12:52p [] '123 COM 129480 4-28-88 7:46a [] 'MW EXE 99030 7-13-86 5:00p [] 'INSTALL EXE 1024 1-01-80 12:00a [] & 4 File(s) 2947072 bytes free [] C:\> _U [] BGI Triplex font V100 - 19 October 1987 [] Copyright (c) 1987 Borland International [] TRIP [] BGI Device Driver (EGA/VGA) V1.00 - 31 September 1987 [] Copyright (c) 1987 Borland International [] 640 x 200 EGA [] 640 x 350 EGA [] 640 x 480 VGA [] 640 X 350 EGA MONO [] [] [...more stuff deleted...] [] [] ****WARNING**** [] This program uses the ROM BIOS routines for direct disk access. [] This program COULD format a disk or write to certain sectors without [] updating the directory or File Allocation Table. [] DO NOT RUN this program until checked by an expert, unless you [] are familiar with the author or company. [] [] [] <END OF FILE> 147120 Bytes in file were read.
doc@holin.ATT.COM (David Mundhenk) (01/13/89)
BTW, Sorry about the ^M's in this posting - I tried to get rid of them.... :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: EMAIL: ...!att!holin!doc | "I can't complain but | /^, VOICE: (201)-949-5308 | sometimes I still do"| / } _, , , __ #include <std.disclaimer> | - Joe Walsh | /_./ (_l |/ <~_ ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
teittinen@cc.helsinki.fi (01/13/89)
In article <324@holin.ATT.COM>, doc@holin.ATT.COM (David Mundhenk) writes: > This is a portion of the output from "chk4bomb.exe" when run > on "trek.exe" from the recent "egatrek" posting in > comp.binaries.ibm.pc. > > Several of us here think this is a little suspicious and would > like some other opinions on this, possibly even from the author. > The part "dir c:\*.exe...." is strange, to say the least. > Any explanations? Some of the text deleted... > [] @RSP > [] @RSP > [] C:\> dir *.exe > [] Volume in drive C is HARDDISK > [] Directory of C:\ > [] 'TSRTEST EXE 7520 12-01-87 12:52p > [] '123 COM 129480 4-28-88 7:46a > [] 'MW EXE 99030 7-13-86 5:00p > [] 'INSTALL EXE 1024 1-01-80 12:00a > [] & 4 File(s) 2947072 bytes free > [] C:\> _U If you have read the DOC-file that comes with TREK.EXE then you should have noticed that there is a "panic key" in the program. I don't remember what is it, but it meant to be used "when the boss wanders by" and it brings a typical DOS-screen on your display. The test that appears is just the one above. Though there is a mistake - as anyone can see - it says "dir *.exe" and there is 123.COM in the file list :-) I tried the program a couple of times, but then deleted it from my disks because though it has great graphics, it does not bring anything really new to a game that is too easy to win. But it never did anything harmful to my disks or anything that gives me a reason to suspect it is a virus, but I used it only a couple of times as I said. -----------------------------------+------------------------------------------- EARN: teittinen@finuh I "Studying is the only way to do nothing Internet: teittinen@cc.helsinki.fi I without anyone complaining about it." -----------------------------------+------------------------------------------- Marko Teittinen, student of computer science -------------------------------------------------------------------------------
cpp90221@dcscg1.UUCP (Duane L. Rezac) (01/14/89)
From article <324@holin.ATT.COM>, by doc@holin.ATT.COM (David Mundhenk): > > > Several of us here think this is a little suspicious and would > like some other opinions on this, possibly even from the author. > The part "dir c:\*.exe...." is strange, to say the least. > Any explanations? > ################################################################# > [] C:\> dir *.exe > [] Volume in drive C is HARDDISK > [] Directory of C:\ > [] 'TSRTEST EXE 7520 12-01-87 12:52p > [] '123 COM 129480 4-28-88 7:46a > [] 'MW EXE 99030 7-13-86 5:00p > [] 'INSTALL EXE 1024 1-01-80 12:00a > [] & 4 File(s) 2947072 bytes free > [] C:\> _U Hey, lets RTFM before posting a question like this.... the doc's state that if you enter Shift-F1 while playing the game, it enters "BOSS" mode- that is, it displays the above data on the screen to make it look like you have a directory listing on the screen instead of playing a game on company time... (of course we *NEVER* do that ;-) I've tried it, and IT WORKS JUST LIKE THE DOC'S STATE { { { { { { { { { { -- +-----------------------+---------------------------------------------------+ | Duane L. Rezac |These views are my own, and NOT representitive of | | dsacg1!dcscg1!cpp90221|my place of Employment. | +-----------------------+---------------------------------------------------+
doc@holin.ATT.COM (David Mundhenk) (01/17/89)
In article <438@dcscg1.UUCP> cpp90221@dcscg1.UUCP (Duane L. Rezac) writes: >From article <324@holin.ATT.COM>, by doc@holin.ATT.COM (David Mundhenk): >> Several of us here think this is a little suspicious and would >> like some other opinions on this, possibly even from the author. >> The part "dir c:\*.exe...." is strange, to say the least. >Hey, lets RTFM before posting a question like this.... >the doc's state that if you enter Shift-F1 while playing the game, it >enters "BOSS" mode- that is, it displays the above data on the screen to >make it look like you have a directory listing on the screen instead of >playing a game on company time... (of course we *NEVER* do that ;-) >I've tried it, and IT WORKS JUST LIKE THE DOC'S STATE You're right, I'm wrong, I'm sorry.... If I had thoroughly read "trek.doc" I would have seen the discription of the "BOSS" mode. That doesn't mean that I shouldn't run chk4bomb on the program, and ask about suscpicious-looking code. I just should thoroughly investigate it, and not be so hasty :-} Sorry about the bandwidth.... -Dave