IA96%PACE.BITNET@VMA.CC.CMU.EDU (IA96000) (10/24/89)
My friend just received, and I now have in my posession a free
disk from a Shareware copying company, which he received after
he sent in a "bingo" card from a popular computer magazine.
The disk has three infected files on it:
1) GETKEY.COM 3074 bytes 01-01-80 12:35a
2) CL.COM 3457 bytes 08-01-86 02:39p
3) LIST.COM 7871 bytes 06-17-86 02:37p
SCAN version 0.7V42 reports as follows:
GETKEY.COM - 3066/2930 TRACEBACK VIRUS
CL.COM - 3066/2930 TRACEBACK VIRUS
LIST.COM - FU MANCHU VERSION A
GETKEY.COM and CL.COM are in the disks ROOT directory. CL.COM
appears to a hidden file, as it is not seen when you do a DIR from
the DOS prompt. LIST.COM is in the subdirectory \ORD.
To be fair to the company which sent the disk, I will mention their
name here, as in all probability, they do not know the disk is
infected. No sense creating another major problem...
The disk label is designed as follows:
1989 COMPANY NAME CATALOG
***************************
P.O. xxxx HESPERIA, CA 92345
MAY VIEW OR PRINT CATALOG & ORDERFORM
TO START CATALOG . . . A>START
The disk has one subdirectory on it named \ORD which contains 8 files.
The ROOT directory contains 25 files.
My friend spotted the fact that LIST.COM is in both the ROOT and the
sub-directory and the file sizes differ. Also, since he did not know
the company, he ran SCAN as a precaution.
If Dave Chess at IBM or Mr. McAfee wants a copy of this disk, please
let me know...by EMAIL. I have gone to great lengths to not identify the
company to avoid any problems.
Also..please note this disk WAS NOT sent to the university, nor was any
damage done to any of the university equipment.
I hope I have given you all enough information to identify the disk,
if you happen to receive one. The disk was not unsolicited, in other
words, the disk was requested by my friend and the magazine has nothing
to do with this issue, at this point in time.