IA96@PACE.BITNET (IA96000) (11/17/89)
Update on the virus contained in the file EAGLE.EXE. 1) It IS NOT new! It is Jerusalem B. 2) It IS infectious and will spread. 3) Scan WILL NOT detect the virus UNTIL EAGLE.EXE is run, at which time the /M command line switch for Scan picks up the virus during the memory check. 4) IF COMMAND.COM IS FOUND in the root directory of the drive EAGLE.EXE is executed from, the BOOT and FAT sectors are completely destroyed with the Hex 246 character! Several other sectors get destroyed at the same time. Jerusalem B is loaded into memory and waits silently. 5) If COMMAND.COM is notfound in the root directory, Jerusalem B loads into memory. No damage is done to the disk. 6) KISS AN EAGLE TODAY! is then printed to the screen. Not only is the program EAGLE.EXE contain a live virus, it is also a trojan in disguise, waiting to wipe the BOOT & FAT areas clean. We are now checking to see if the trojan part of the program is passed along when Jerusalem B is loaded into memory. In any event, the file is DANGEROUS and care should be taken.