Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!csd4.milw.wisc.edu!bionet!ames!apple!usc!polyslo!vlsi3b15!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: HAUPTMAN@DMRHRZ11.BITNET
Newsgroups: comp.virus
Subject: FluShot+ and 1701 virus (PC)
Message-ID: <0007.y8907171856.AA19378@ge.sei.cmu.edu>
Date: 17 Jul 89 17:43:40 GMT
Sender: Virus Discussion List <VIRUS-L@IBM1.CC.Lehigh.EDU>
Lines: 26
Approved: krvw@sei.cmu.edu

Things I've learned since my first message on our virus:

There is a 'Virus Epidemic Center' at University Hamburg (Prof. Brunnstein) and
their VIRUS-KATALOG list something called Herbstvirus or Blackjack. It's
description sounds similar to our symptoms although it increases *.COM files by
1704 bytes while our virus needs 1701.

On one mailing list I found an announcement:
   'DVIR1701.EXE -- detects and removes 1701 from COM files'

After installing Flushot+ and executing one of the infected files FSP brought
up the message:
   'An attempt is being made to infect your system by:
    Cascade Virus (aka 1704 Virus)                     '
Beside that experiment no further problems were revealed by FSP and our system
is still up and running.

Things I still would like to know:

Did someone unassemble this virus?
What was it supposed to do?
Can infection be caused by other programs than those identified by 01 FA 8B EC?
Can other files be already corrupted by this virus?

 --- Klaus Hauptmann
   (msommer on BIX, HAUPTMAN@DMRHRZ11 on Earn/Bitnet)