[comp.virus] You're not alone; DataCrime infection report

AGUTOWS%WAYNEST1.BITNET@VMA.CC.CMU.EDU (Arthur Gutowski) (10/25/89)

From Virus-L Digest v2.220, frisk writes:

> Well - now I know of one victim of the Datacrime-II virus .....
> myself. :-(

Well, you shouldn't feel alone.  A friend of mine who works for
ERIM (Environmental Research Institute of Michigan) got hit too.
His quotes sounded something like this (before being hit):

    "Oh, I'm not worried, I don't do much software trading,
     and what I do is straight from BBSs and buying from vendors."

That was until he turned on a computer at work on Saturday 10/14.
He had recently DLed a copy of PKZ102.EXE (PKZIP v1.02, self-extracting)
from CompuServe and decided to try it out.  Although I can't be sure
that this was the source of the infection, he told me it was the first
time he had had a chance to run the program (hence, strong implication).

Then it was showtime.  Bye bye hard drive, low level format (F6) to
cylinder 0.  Effectively wiped out all access to the hard drive.
Even a large chunk of the 2d copy of the FAT was duly destroyed because
of this.  He admitted to me that rebuilding a FAT, even with Mr. Norton's
help, is not much fun.

Needless to say, he has grudgingly accepted from me a disk containing
several archives of antiviral tools to help him along in the battle.
This disk is soon to be out in our Consulting center and student labs.
Hopefully we can make enough people aware of things like this before
more have to pay the awful price.  Thankfully, it's already happening...

One final note, I'm not POSITIVE it was DC that hit him, it may have
been some variant.  He is currently trying to see if he can get the
infected program to me so I can look at it using info I've gained
from watching here.  Two strange things that made me question my
assumption:
         1)  No "DATACRIME" message was thrown up on the screen
             that he remembers;
         2)  A name, Siegmar Schmidt, was written to the partition
             record.
Now again, it DID format cyl0 and only cyl0...can anyone say for sure?
Please e-mail me to the bitnet address above, 'twould be much appreciated.

It CAN happen to anyone!

Art

+------------------------------------------------------------------+
| Arthur J. Gutowski, Student Assistant                            |
| Antiviral Group / Tech Support / WSU University Computing Center |
| 5925 Woodward; Detroit MI  48202; PH#: (313) 577-0718            |
| Bitnet: AGUTOWS@WAYNEST1   Internet: AGUTOWS@WAYNEST1.BITNET     |
+==================================================================+
| "OOPS, what OOPS?!?...No, I diSTINCTly heard you say 'OOPS'!"    |
+------------------------------------------------------------------+