tneff@bfmny0.BFM.COM (Tom Neff) (03/14/91)
In article <1991Mar14.185158.7690@agate.berkeley.edu> korpela@stew.ssl.berkeley.edu (Eric J. Korpela) writes: >I wish people would stop referring to YOURWAY.EXE as having a virus. >From what I have heard, it sounds like YOURWAY.EXE is a Trojan. Until >you hear some evidence that YOURWAY.EXE is infecting other EXE files >call it a Trojan. A little proper terminology can save a lot of trouble. >A person who steps on a mine isn't killed by biological warfare. On the other hand, if YOURWAY is a legitimate commercial or shareware product, and that "Ha Ha Ha" thing got tacked onto a copy somehow and is spreading around, then it IS a virus. So we need more info. -- Canadians eat only buffalo and beer pie: Live in a /\ Tom Neff vast barren land: Consume 6 billion dollars of alcohol \/ tneff@bfmny0.BFM.COM per year: Always say "What will be, will be": Canadian /\ uunet!bfmny0!tneff facts -- courtesy of Republic of China Tourist Bureau \/
mgjones@miavx1.acs.muohio.edu (Mike (Felix) Jones) (03/14/91)
For anyone interested, I did a dump from LABTEST by Panda to see what was in the program YOURWAY.EXE. This is what I got. You can see the "ha ha ha" in it a little ways down. (I suggest getting something like labtest, it can save on BIG headaches, especially since many virus authors leave some kind of message) include yourway.lbt
mgjones@miavx1.acs.muohio.edu (Mike (Felix) Jones) (03/14/91)
Ooops. Didnt get the file to include. Well here it is.
PANDA SYSTEMS -- LABTEST
YOURWAY.EXE
--------------------------------------------------------------------------------
**** WARNING ****
This program may use BIOS routined to write
to a disk at the following locations:
31AC
------------------------------------MESSAGES------------------------------------
103: This program requires Microsoft Windows.
12d: $ Z
add: YOURWAY
af1: KERNEL
afc: USER
b01: WIN87EM
1352: ,YourWay (C) 1989, 1990 Prisma Software Corp.
1382: FNPRINTCARDNOTE
1394: FNMERGE
139e: CALVIEWCTRLWNDPROC#
13b3: FNSAVE
13bc: FNLABEL
13c6: FNLABELPOS
13d3: TODOWNDPROC%
13e1: CARDENTRYFORM8
13f1: FNCARDFORMAT
1400: CARDWNDPROC
140e: LISTALARMDLGPROC6
1421: PINWNDPROC
142e: ICONWNDPROC
143c: CREATECALENDARDLG4
1450: FNTODOCTRL)
145d: FNSORT
1466: FNABOUT
1470: FNCALLSTATUS
147f: PHONESETUP?
148c: FNREPORTNAME,
149b: DDEDLG0
14a4: FNPAGELAYOUT
14b3: FNABORTPROC
14c1: DDEDIALOGPROCB
14d1: CARDFILEWNDPROC
14e3: FNABORTDLGPROC
14f4: DDE_SETUP7
1500: REPORTHEADDLG=
1510: FNNOTEREPORT>
151f: NOTEDLGPROC
152d: FNDELETEE
1538: FNDIAL
1541: QUERYNEXT2
154d: FNSTAMP*
1557: FNFIND'
1560: FNSEARCH:
156b: REPORTWNDPROC<
157b: QUERYDLG1
1586: FNPRINT
1590: PINEDITWNDPROC!
15a1: FNPRINTCARD
15af: SETALARMDLGPROC5
15c1: INDEXEXTRACT9
15d0: CALVIEWERWNDPROC"
15e3: TIMERPROC3
15ef: FNTODOLAY(
15fb: FNREPORTDLG+
1609: FNGOTO&
1612: FNCARBONCOPY
1621: RECALLDLG@
162d: FNACT$
1635: DLGPROC
163f: FNENVELOPE
164c: COPYRIGHTMESSAGE
165f: CARDEXPORTDLGA
166f: CALENDARWNDPROC
1681: FNPATH
168a: FNOPEN
1693: FNPRINTCALENDAR
16a5: FNNOTECOMM;
19c8: tkGN
19db: tX<"t$<\t
1a0c: t'<"t
1a95: t^<"t'<\t
1ac9: t*<"t
1dac: ,atJ,
2c98: RPRP
3399: WVS3
3753: QSRUVP
384a: AkU'9
38c2: ?S;uD
3915: zc%C1
3c9c: HMXB
3d74: z?aUY
3e09: -64OS
3e2a: NKeb
3fa3: QVW&
424b: <0r!<9w
42c1: <0r?<9w;-0
42cf: <0r$<9w ,0
4559: Ht2Ht
4ac1: SQVW
6371: YourWay
6379: Ha Ha Ha!
6430: \*.CRD
64ba: November
64c3: Saturday
64dc: <>ab,cd
64e4: ><ab,cd
653c: _C_FILE_INFO=
65d9: ((((( H
6744: SunMonTueWedThuFriSat
675a: JanFebMarAprMayJunJulAugSepOctNovDec
67a0: 1#SNAN
67a7: 1#QNAN
67ae: 1#INF
67b4: 1#IND
67ef: Ce+000
686a: 333333
687e: MbP?
689a: <<NMSG>>C RUNTIME ERROR
68b5: R6000
68bc: - stack overflow
68d1: R6003
68d8: - integer divide by 0
68f2: R6009
68f9: - not enough space for environment
6925: run-time error
6937: R6002
693e: - floating-point support not loaded
7fed: PPPPPP
8986: PPPP+
89ca: TRP+
89cf: PPPP
8a0b: TRPPPPP
8a5f: DRPPPPP
8b31: PRPPPPP
efa0: t!w`=
11354: PPPPP
13bb8: t;<"t7<0|
187c6: t=wX=
1de2a: t?<\t
1ff8b: t"<=t
22ddd: PRP+
26d30: < t)<,t%<
26d3a: t!<:t
2ed27: &9GQs3&
2f041: &9GQs
37096: _^F9v
375e9: t < t
39b86: &File
39b99: &Open...
39ba6: &Merge...
39bb9: &Save
39bc3: Save &As...
39bd8: &Print...
39be6: Prin&t All
39bfa: &Import...
39c0e: &E_Mail
39c1a: Comm&unications
39c2e: &Launch...
39c3e: &Edit
39c4d: Shift/Del
39c5b: &Copy
39c61: Ctrl/Ins
39c6e: &Paste
39c75: Shift/Ins
39c88: Edit Inde&x...
39c9b: Index &List
39cb0: &Move Front Card
39cc5: Co&py Front Card
39cda: &Insert Card
39ce9: &Search |
39cf7: &String Search...
39d11: &Conditional Search...
39d2a: &Card
39d34: &Go To Cards
39d4d: Auto&dial...
39d66: &Add...
39d76: De&lete...
39d85: D&uplicate...
39da9: Data &Exchange
39dbc: Da&ta Link (DDE)
39dd6: &String Extract...
39ded: &Conditional Extract...
39e07: &Page
39e11: &Go To Page
39e29: &Fill Template
39e3c: &Attach Comments...
39e54: &Spell/Thesaurus...
39e74: &Launch Word Processor
39e8d: C&alendar
39e9b: &Go To Calendar
39eb7: &Week At a Glance
39ecd: &Month At a Glance
39ee9: &Set Alarm...
39efb: &List Alarm...
39f13: Create Calendar...
39f2a: &Clock
39f33: &To-Do
39f3e: &Go To To-do
39f57: Clipboard_1
39f67: Clipboard_2
39f75: &Report
39f81: &Go To Report
39f9b: &Create Report...
39fb6: &Total
39fc1: &Header
39fcd: &Copy To Clipboard
39fe3: Set&up
39fee: Predefined &Activity...
3a00a: &Stamping on Note...
3a028: &Card Format...
3a03c: &Page Format...
3a050: &Envelope Format...
3a068: &Label Format...
3a07d: &To-Do Format...
3a097: E_MAIL Launch...
3a0ac: Communication Launch...
3a0c8: WordProcessor Launch...
3a0e4: General Launch...
3a10f: Delete Card
3a12a: Delete
3a141: &Front Card
3a15d: &Tagged Cards
3a17b: &Index Range
3a198: Range On Index
3a1b7: From:
3a228: &Cancel
3a240: Confirm &each delete
3a26f: DATA DIRECTORY
3a28d: Important Note:
3a2ad: Your have changed your WIN.INI file, please specify yourway data directory.
3a309: Data Directory:
3a37f: Print Calendar:
3a39f: Date
3a42f: UPDATE
3a445: Program:
3a46f: Filename:
3a49a: Range of Data
3a4b8: From: R1C1
3a4e6: Row:
3a4fb: Column:
3a54d: &Update
3a57f: Print
3a595: Car&d
3a5ab: &Note
3a5c1: Print Range
3a5dd: &Single Card
3a5fa: &All Cards
3a6cf: DATA EXCHANGE
3a6ec: Import From Clipboard
3a712: &Format Only
3a72f: F&ormat and &Card Data
3a756: Export to Clipboard
3a77a: Format and Card &Data
3a7cf: NOTE REPORT
3a7ea: From Category
3a808: Ca&lls
3a839: L&etter
3a851: Field From Card
3a90f: Report Header
3a92c: Report Title:
3a95b: Subtitles:
3a9ab: Cancel
3a9f0: Category
3aadf: CONDITIONAL SEARCH
3ab01: Search For :
3ab1e: C&ard
3ab7f: INDEX EXTRACT
3ac1f: WORD PROCESSOR
3ac3d: Link To:
3aca8: &Remove
3accf: COMMUNICATION
3ad6f: E_MAIL SETUP
3ad8b: E_Mail Link To:
3ae1f: LAUNCH SETUP
3ae3b: Link To :
3aebf: ALARM LIST
3aed9: The Current Alarms:
3af3f: ALARM
3af54: Date:
3af7b: Time:
3afa2: Lead Time:
3afce: Alarm Contents:
3b03f: CREATE CALENDAR
3b05e: Starting Year :
3b08f: # of years :
3b0ff: Find Next:
3b15f: Operator
3b189: != means NOT EQUAL
3b1af: <> means WITHIN
3b1cf: >< means OUTSIDE
3b1f0: #CATE only works with '='
3b21a: Instruction
3b236: 1. Place cursor in Editbox
3b268: 2. Select Cardfield
3b28c: 3. Place cursor in editbox again
3b2c4: 4. Select Operator
3b2e7: 5. Type in value
3b308: Condition_1
3b35a: .And.
3b370: Condition_2
3b3c2: Card Fields:
3b3df: - Note -
3b3f8: Use #CATE for undefined field
3b465: &Example
3b47f: LAUNCH
3b4ea: &Launch
3b51f: CREATE REPORT
3b53c: Report Name:
3b56a: From C&ard
3b585: From N&ote
3b5a0: Cr&eate
3b5df: Report Field
3b5fb: Note
3b610: Select field from card fields,
3b63f: double click to delete from
3b66b: report fields.
3b6b8: Report Fields:
3b72f: Stamp
3b7bf: Open Dialog
3b816: &Launch Another YourWay
3b83e: File:
3b865: Path:
3b88c: &Open
3b8be: Todoctrl
3b8c7: To-Do Control
3b8e4: Cat&egory
3b942: Priority
3b994: Activities
3b9af: &Predefined
3b9cb: &Type In
3b9ef: TODO LAYOUT
3ba26: Name:
3ba4d: Quadrant_1:
3ba69: Quadrant_2:
3ba85: Quadrant_3:
3baa1: Quadrant_4:
3bb2d: &Next >>
3bb70: Save file as:
3bbdf: Index Line:
3bc3f: CARD DATA ENTRY FORM
3bc63: Index:
3bc7a: Card Contents
3be2f: Merge Screen Cardfile With:
3bebe: Retain Screen C&ard
3bee2: Retain Screen N&ote
3bf06: &Merge
3bf71: On &Index
3bf8b: On C&ard
3bfa4: On &Note
3bfff: Find next:
3c08a: Version 1.0x
3c0a7: Copyright 1990, Prisma Software Corp.
3c14d: Sending
3c176: to print spooler.
3c19f: PHONE_CALL
3c1b9: Dial:
3c1e0: Prefix:
3c209: &Use Prefix
3c225: Stamp On Note
3c243: &Time of Call
3c261: &Elapsed Time
3c2ab: &Setup>>
3c2df: Call Status
3c2fb: Co&mplete
3c315: &Recall
3c32d: Call &Back
3c348: Remark
3c3c0: Stamp to CALENDAR on :
3c413: Person:
3c42b: Phone_#:
3c4bf: Phone Setup
3c4da: Dial Type
3c4f4: Tone
3c509: Pulse
3c51f: Port
3c534: Com1
3c549: Com2
3c55e: Com3
3c573: Com4
3c588: Baud Rate
3c5b6: 1200
3c5cb: 2400
3c5e0: 9600
3c650: Type in:
3c6bf: Margins:
3c6d8: Left:
3c6ff: Top:
3c725: Right:
3c74d: Bottom:
3c776: Measurement:
3c793: &inch
3c815: Letter/&Form
3c832: &Envelope
3c84c: &Label
3c863: Ca&rbon Copy
3c880: Paper Feed
3c89b: &Manual
3c8b3: &Batch
3c8ca: Mail
3c8df: &Single
3c90c: Number of copies:
3c97f: Type in number of duplicates:
3c9ef: CONDITIONAL EXTRACT
3ca12: Extract from:
3ca30: &Index
3cac0: Type in data:
3cb2f: Size
3cb44: Label (2.5 X 1)
3cb64: Label (3.5 X 1)
3cb84: Card (2.25 X 4)
3cba4: Card (3 X 5)
3cbc1: Layout Editor
3cc05: Single
3cc30: # of Columns:
3cc70: Done
3ccaf: Envelope
3cde5: &Save Envelope
3ce2f: Carbon Copy
3ce4b: Name of receiver:
3ce7e: Position:
3cea9: lines after the last line
3ceff: LABEL FORMAT
3cf1b: Label Size
3cf36: Width:
3cf4d: Height:
3cfaf: Margin
3d09f: Position of Label
3d0c1: From Left:
3d0ed: From Top:
3d14f: CARD FORMAT
3d1bf: LETTER COMMENT
3d1dd: Comment:
3d218: &Attach
3d26f: Predefined Activities
3d30e: CalViewCtrl
3d31a: Calendar Control
3d338: PCalViewer
3d354: Schedule at
3d3da: &Type in
3d431: The Prisma Software Corporation, YourWay!
3d45c: Copyright 1990 All Rights Reserved Prisma Software Corporation
3d4ac: THE PROXIMITY/MERRIAM-WEBSTER THESAURUS
3d4d5: Copyright 1984 All Rights Reserved Proximity Technologies Inc.
3d526: Copyright 1984 All Rights Reserved Merriam-Webster Inc.
3d561: Delete "%%"?
3d56e: Save current changes: %%
3d587: About...
3d590: Cards
3d597: Control Panel8You cannot have two YOURWAY.EXE running at the same time
3d5f1: Card
3d5f7: (untitled)
3d602: Cardfile data*Please pick up the phone. Ok to continue?
3d65c: CONTROL.EXE
3d681: Cannot dial number.
3d695: Not enough memory.
3d6a8: Replace existing %%
3d6bc: Not a valid filename.
3d6e0: "There is no text in the clipboard.#Not enough disk space to save file.2Cannot create temp file. You cannot make changes.#Not enough memory. Card not saved.
3d790: +Not enough disk space to save current card.'Cannot open temp file. Card not saved.
3d7e5: Not enough memory to read data.!Not enough memory to run YourWay.
3d841: Not a valid card file.
3d858: Cannot find %%
3d867: Not enough memory to read.
3d882: Cannot print.
3d8a1: There is no modem connected.
3d8be: Cannot create %%
3d8cf: Not enough memory to print.
3d8eb: Not enough disk space to print.
3d920: /# of copies must be numerical and at least one./Please go CALENDAR MENU to create CALENDAR file
3d981: File Existed, OK for Overwrite
3d9a0: Wrong Selection From Editbox
3d9d1: Please enter: mm/dd/yy, hh:mm
3d9ef: Illegal month input
3da03: Illegal day input
3da15: Illegal year input
3da41: ACTIVITY.POS
3da4e: LAUNCH.POS
3da59: WORDPROC.POS
3da81: EMAIL.POS
3da8b: COMMUN.POS
3da96: Only .EXE or .PIF Extension
3dac0: ,You have to go to SETUP do card format first%Cannot run the file or file not found
3db30: ,Your report will be printed in separate page
3db71: Cannot save clipboard 1
3db89: Cannot save clipboard 2
3dbb1: Wrong Time Entry
3dbc2: Calendar Full
3dbe1: CALLED
3dbe8: CALENDAR
3dbf1: LETTER
3dbf8: NULL
3dc11: Windows
3dc19: Device
3dc20: Modem
3dc26: Com2,T,F
3dc41: LABEL.POS
3dc4c: ENVELOP.POS
3dc58: PRINCARD.POS
3dc70: :Do you want to recall ?
3dc8a: Yes for Recall, No for Callback.
3dcc1: WRITE.EXE
3dce1: The header is too long
3dcf8: This column is not number
3dd12: The total is
3dd31: Clipboard
3dd3b: Next >>
3dd43: Prev >>
3dd4b: QUAD1.POS
3dd55: QUAD2.POS
3dd71: POSTODO.CTO
3dd7d: POSDONE.CTO
3dda1: Search For:
3ddad: STRING SEARCH
3ddbb: Extract
3ddd1: String too long
3dde1: Two strings cannot be same
3de11: Search On:
3de1c: NOTE SEARCH
3de28: Extract From:
3de36: NOTE EXTRACT
3de50: The edit control cannot be empty!Incorrect format in the Clipboard
3ded8: You cannot have two **
3df01: Condition 1-1 cannot be empty
3df1f: Condition 2-1 cannot be empty
3df50: The field not in the card format
3df80: IYou cannot have more than 20 cards in your cardfile for this DEMO version
3dfe1: Total Cardfile Export DonecPartial Cardfile Export completed. After pasting,
3e030: return to YourWay and click data exchange again
3e072: ZNo speller and Thesaurus for this DEMO Version,
3e0a4: Call 1-800-747-0319 for more information0first <blank> last name of person receiving c.c.
3e111: Your Note Is Full-The Report is over 64K, It will be truncated!
3e151: Save Current File First!
3e180: 5Are you sure you want to change your template letter?
3e1b7: Wrong file extensionCIn order to add additional information
3e1f5: you must delete some items
3e220: &You have to enter even number of '\' !&You have to enter even number of '|' !&You have to enter even number of '^' !5You cannot have more than 20 letter between two '^' !+You cannot have more than six pair of '^' !
3e310: QYourWay System will EXPIRE on next 10 days or so
3e342: Call 1-800-747-0319 to order now
3e363: The field name too long
3e37b: The field is meaninglessIIf you want to use the spelling checker, please type the word in the page
3e3f1: No response for your last Data Link command.
3e41f: Please go back to the Data Link dialog box and
3e44f: be sure all the parameters are correct.>You have already had Card Data in the buffer, YES to overwritecccstevn@underdog.ucdavis.edu (Steve Ansell) (03/14/91)
In article <4259.27dea283@miavx1.acs.muohio.edu> mgjones@miavx1.acs.muohio.edu (Mike (Felix) Jones) writes: >Ooops. Didnt get the file to include. Well here it is. > > PANDA SYSTEMS -- LABTEST > YOURWAY.EXE >-------------------------------------------------------------------------------- [HUGE output from labtest deleted!!!] Please tell me: what was the point of posting this entire thing to the group other than to waste net-bandwidth? I doubt that many people found all that information very usefull. -- -Steven T. Ansell Unix Consultant Computing Services U.C.D.
) (03/14/91)
In article <4253.27de98b2@miavx1.acs.muohio.edu>, mgjones@miavx1.acs.muohio.edu (Mike (Felix) Jones) writes: > For anyone interested, I did a dump from LABTEST by Panda to see what was in > the program YOURWAY.EXE. > > This is what I got. You can see the "ha ha ha" in it a little ways down. > (I suggest getting something like labtest, it can save on BIG headaches, > especially since many virus authors leave some kind of message) > > include yourway.lbt Does anyone know whether VIRUSCAN will flag this file or not? -- +------------------------------------------------------------------------------+ | Santanu Sircar BITNET: ssircar@umaecs.bitnet | | University of Massachusetts/Amherst INTERNET: ssircar@ecs.umass.edu | +------------------------------------------------------------------------------+
korpela@stew.ssl.berkeley.edu (Eric J. Korpela) (03/15/91)
In article <4253.27de98b2@miavx1.acs.muohio.edu> mgjones@miavx1.acs.muohio.edu (Mike (Felix) Jones) writes: >For anyone interested, I did a dump from LABTEST by Panda to see what was in >the program YOURWAY.EXE. > >This is what I got. You can see the "ha ha ha" in it a little ways down. >(I suggest getting something like labtest, it can save on BIG headaches, >especially since many virus authors leave some kind of message) > >include yourway.lbt I wish people would stop referring to YOURWAY.EXE as having a virus. From what I have heard, it sounds like YOURWAY.EXE is a Trojan. Until you hear some evidence that YOURWAY.EXE is infecting other EXE files call it a Trojan. A little proper terminology can save a lot of trouble. A person who steps on a mine isn't killed by biological warfare. As far as I know, no Windows virii exist. The discovery of a Windows virus would be important because a virus is potentially much more dangerous than a trojan. That is because virii spread, trojans don't. That make a big difference when it comes to prevention. /\ korpela@ssl.berkeley.edu Internet /__\ rioch BKYAST::KORPELA 42215::KORPELA DecNet / \ of Chaos korpela%bkyast@ucbjade Bitnet (_____________________ <aka Eric Korpela>
tom@mims-iris.waterloo.edu (Tom Haapanen) (03/15/91)
Felix) Jones <mgjones@miavx1.acs.muohio.edu (Mike> writes: > For anyone interested, I did a dump from LABTEST by Panda to see what was in > the program YOURWAY.EXE. >This is what I got. You can see the "ha ha ha" in it a little ways down. >(I suggest getting something like labtest, it can save on BIG headaches, >especially since many virus authors leave some kind of message) I, too, downloaded YourWay. Before the first postings about viruses, I ran it and seemed to work just fine. I played around with it for a little while, but nothing untoward happened. When I saw the postings, I downloaded the latest SCANV (version 75, from late February) to check it out. But SCANV didn't find anything --- and it knows about close to 500 viruses! I've erased YourWay, but I'm still not convinced it was a virus. Anyway, you can get SCANV for free, register it for something like $40, and quickly scan all your new downloads every time. Recommended. [ \tom haapanen --- university of waterloo --- tom@mims-iris.waterloo.edu ] [ "i don't even know what street canada is on" -- al capone ]
akm@cs.uoregon.edu (Anant Kartik Mithal) (03/17/91)
In article <12803.27df5a6e@ecs.umass.edu> ssircar@ecs.umass.edu (Good writers re-write -- not write!) writes: >> include yourway.lbt >Does anyone know whether VIRUSCAN will flag this file or not? I am still not convinced that Yourway is a virus. I had no trouble with the program. I fooled around with it for about an hour, then deleted it. I have had no problems with any thing since then. I scanned it with McAfee (spelling?)'s virus scan stuff, and it didn't show a thing. My feeling is that this was a buggy version, and the two WIN.INIs that the original poster had confused it. kartik -- Anant Kartik Mithal akm@cs.uoregon.edu Research Assistant, (503)346-4408 (msgs) Department of Computer Science, (503)346-3989 (direct) University of Oregon, Eugene, OR 97403-1202