klavan@emerald.rutgers.edu (Jeff Klavan) (10/25/90)
Hi people - has anyone heard of this virus? (Mcafee's "SCAN" doesnt recognize it) All around my hard drive, directories with the names "DELETED" are appearing which is getting very annoying. (thats virus #1) The second, perhaps related, perhaps not, does the following - it erases file from my hard drive, and leaves only one character in the file. (Hex e5) If anyone has ever heard of theses, or knows of a de-viruser that might help me out - PLEASE get in touch with me ASAP. thanks VERY much in advance - Jeff Klavan (klavan@emerald.rutgers.edu) PS - virus alert: Mcafee scan v68 is a VIRUS/TROJAN. do NOT use it.
nol2321%dsacg4.dsac.dla.mil@dsac.dla.mil (Jim Dunn) (10/31/90)
NO, the hidden subdirectories called DELETED are NOT virus or trojan! They are simply an action of a program by Microsoft, called RM.EXE. You see, the Microsoft Editor brags being able to bring back old edits, and the only way to do that is to SAVE them. It creates the DELETED subdirectory and stores the files in there. As for the 'e5' filenames, never heard of it. ALSO, the SCANv68 is A TROJAN!!! Jim, jdunn@dsac.dla.mil
FISHER@sc2a.unige.ch (Markus Fischer) (10/31/90)
klavan@emerald.rutgers.edu (Jeff Klavan) writes: > Hi people - has anyone heard of this virus? (Mcafee's "SCAN" doesnt > recognize it) > > All around my hard drive, directories with the names "DELETED" are > appearing which is getting very annoying. (thats virus #1) > > The second, perhaps related, perhaps not, does the following - it > erases file from my hard drive, and leaves only one character in the > file. (Hex e5) > [...] About the `deleted' directories, I once used one of MicroSoft editors called `m' (I think it was with a FORTRAN compiler), which did exactly that: create *hidden* directories with name `deleted' to store the older versions of your files. Of course, there were several tools (don't remember the names) that allowed you to list, restore, and delete these backups. For a better diagnosis, you should try to pinpoint the exact behavior of the `virus': remove all `deleted' directories, and check for their appearance between every application you run. Then list the content of the dirctory, look at the files, and try to find out how they are related to what you were doing (or to anything else in your system...). The same goes for the second `virus'. Which files get deleted, when do they get deleted, etc. Of course, you *have* a complete backup of your data files. Markus Fischer, Dpt. of Anthropology, Geneva.