IRMSS907%SIVM.BITNET@VMA.CC.CMU.EDU (09/08/89)
I got this from the PROFS-L discussion list...Mignon Erixon-Stanford
*** Forwarding note from KIEFFER --UNCANET 09/06/89 19:48 ***
Date: Wed, 6 Sep 89 18:16 PDT
A computer virus has just appeared in the CERNVM system in the form of
a set of files which copy themselves to your A-disk when you execute
the commands RELEASE or DROP. The mechanism is that there is a modified
RELEASE EXEC which invokes a module called DVHVIR which copies itself,
plus other files, to your A-disk. It is sufficient to be linked to a disk
containing these viruses to be vulnerable to them. Some of the copied files
pretend to be parts of the directory maintenance system and we do not
yet know what damage they may cause.
Please take the following action: look for any of the following files on
your disks and ERASE them at once
RELEASE EXEC
DVHGMN EXEC
DVHGKB EXEC
DMSXMS EXEC
DVHVIR MODULE
We are attempting to find the source of this virus and are taking
other preventative measures.
User SupportMBDMD@ROHVM1.BITNET (09/11/89)
Does anyone have any additional information on this? [Ed. Text of recent VM/CMS virus warning deleted.] Martin J. Doyle VM Systems Programming Contractor Rohm and Haas Company Philadelphia, Pennsylvania MBDMD@ROHVM1 (215) 752-2296