hwg-graphics archives Dec 1997 new search results previous next

VIRUS ALERT -- Please Note

by mleder(at)po-box.mcgill.ca

 Date:  Sun, 14 Dec 1997 22:30:53 +0100
 To:  hwg-graphics(at)hwg.org
  todo: View Thread, Original 
Dear members and staff:

Please absorb the following information objectively before reacting too
quickly. I may be wrong, but I believe I may have received a virus through
the HWG GRAPHICS group or perhaps independantly from some individual who
only knows me (as I was surprised to find out that there was no reaction so
far on the Internet; no news of a new virus). 

I know that I do have a virus on the computer without a doubt. However, I
wanted to get feedback from any of you as to whether you have noticed any
anomolies on your computers since December 11th 1997. 

Please accept my apologies for posting this notice in this forum, but I
think it's worth the kind of spamming I may receive as a consequence.

The symptoms of this virus are as follows:

1) It's a hidden / invisible virus...difficult to detect without the proper
software tools
2) It reproduces files at random with various names to them and different
extensions
3) It slowly, consistently and at random times erases the harddrive
4) It has not so far deleted any program files, but it has affected the
performance of especially one: PHOTOSHOP
5) It MAY come in the form of an e-mail message that states the following:

From: ???@??? Thu Dec 11 1997
>From : Postmaster
Date: Thu Dec 11 1997

IMAP4 SERVER --- VERY IMPORTANT DATA ---- DO NOT DELETE

(--END--+PSEUDO--)

It's very short but illogical as there is no way to trace it's origins from
the blahblah function of eudora. 

I did delete that message, and ever since, the anomolies occurred. 

Various organizations are to be notified, including the FBI. Unfortunately,
this message is genuine, I wish it wasn't though. And, please don't panic
and send this all over the place. Just be aware of the possible chance that
viruses can be transmitted through e-mail as invisible, or temporarily
hidden attachments that can only be executed once you delete the message
into the mailbox trash and then into the recyclying bin. That was my
mistake....I think...or it could have just been an applet java virus. Yes,
they exist...please refer to the Boieng Article on the subject from Yahoo.

Other symptoms:

6) It adds size to certain files, some of mine are named (never seen
before) 386.swp, win --, etc. 
7) A new file extension has appeared in the options file extensions window
called .---, or 2 file (with an adobe sign on it). 
8) Some files had no name at all, only an icon
9) No known anti virus protection software can presently detect it as far
as I know. The newest McAffee definitions have been rendered useless, and
webscan has not reacted.

I don't know what else to say. Any suggestions would be appreciated. I
would appreciate objective and interested parties to work with me on
understanding the nature of this virus, and finding out whether it's
solvable or not. Please contact your sources if you can, and any further
info on agencies, specialists, etc would be gratefully appreciated.

mleder(at)po-box.mcgill.ca
Michael

HWG MEMBER GRAPHICS

HWG: hwg-graphics mailing list archives, maintained by Webmasters @ IWA