Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!wuarchive!uwm.edu!ux1.cso.uiuc.edu!tank!eecae!netnews.upenn.edu!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: C0195@UNIVSCVM.BITNET (Gregory E. Gilbert)
Newsgroups: comp.virus
Subject: Possible DIR EXEC Remedy (VM/CMS)
Message-ID: <0010.8911281214.AA07608@ge.sei.cmu.edu>
Date: 27 Nov 89 21:18:33 GMT
Sender: Virus Discussion List
Lines: 41
Approved: krvw@sei.cmu.edu

I adapted the following EXEC to help, possibly, in slowing the DIR EXEC
if it is still a problem. Please note that I am unaware of any problems
with the EXEC, but it has not been what I would call "extensively
tested" (about 30 minutes in the making) so please do not be upset at me
if it does anything really nasty to some files. It did not do anything
to my files. (Above should be read "disclaimer".)

------------------------Chop Here if you wish--------------------------
/* This EXEC was written by Karen Maloney and modified by Greg        */
/* Gilbert to change any files with the filename of DIR and the       */
/* filetype of EXEC to a new filename and filetype of TROJAN HORSE    */
/*                                                                    */
/* One can place "EXEC ANTIDIR" (quotes included) in one's            */
/* PROFILE EXEC and have this EXEC executed upon logging on.          */
/*                                                                    */
/* ------------------------------------------------------------------
   Note: Though we are unaware of any problems with this macro, we
   don't guarantee it in any way whatsoever and we assume no
   responsibility for any damage you may do with it.
   ALWAYS HAVE BACKUP COPIES OF IMPORTANT FILES!!!!!
                          - Greg Gilbert -
- -------------------------------------------------------------------- */
/*                                                                    */
"EXECIO * CP (STRING Q RDR ALL"
if queued() = 1 then exit
do i = 1 to queued()
   pull . spid . . . . . . . fname type .
   if fname = "DIR" & type = "EXEC" then
      "CP CHANGE RDR" spid "NAME TROJAN HORSE"
   else nop
end
exit
------------------------------And Here---------------------------------

Gregory E. Gilbert
Computer Services Division
University of South Carolina
Columbia, South Carolina USA 29208
(803) 777-6015
Acknowledge-To:
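
Added example, not part of the original post or the author's code: the same word-position parsing as the EXEC's PULL template, applied offline in Python to a captured Q RDR ALL listing, so one can see which spool IDs would be renamed and which rows cannot be parsed. The sample listing and its column layout are constructed assumptions, and scan and rename_commands are hypothetical names.

```python
# Constructed Q RDR ALL capture. The column layout is an assumption inferred
# from the EXEC's PULL template: word 2 = spool ID, words 10-11 = name, type.
SAMPLE = """\
ORIGINID FILE CLASS RECORDS  CPY HOLD DATE  TIME     NAME     TYPE     DIST
USERA    0012 A PUN 00000034 001 NONE 11/27 21:18:33 DIR      EXEC     USERB
USERC    0013 A PUN 00000120 001 NONE 11/27 21:20:02 REPORT   SCRIPT   USERB
USERD    0014 A PUN 00000034 001 NONE 11/27 21:25:47 dir      exec     USERB
USERE    0015 A PUN 00000009 001 NONE 11/27 21:30:10 DIRECT   EXEC     USERB
USERF    0016 A PUN 00000002 001 NONE 11/27 21:31:00
"""


def scan(capture, name="DIR", ftype="EXEC"):
    """Return (hits, skipped): rows matching name/type, and unparsable rows."""
    hits, skipped = [], []
    for raw in capture.splitlines():
        words = raw.upper().split()          # PULL folds input to uppercase
        if not words or words[0] == "ORIGINID":
            continue                         # blank line or header row
        if len(words) < 11 or not words[1].isdigit():
            # Short status line, or a blank name/type column that would
            # shift every later word: report it instead of guessing.
            skipped.append(raw.strip())
            continue
        if words[9] == name and words[10] == ftype:   # exact match only
            hits.append({"origin": words[0], "spid": words[1]})
    return hits, skipped


def rename_commands(hits, new_name="TROJAN HORSE"):
    """Build (but do not issue) the CP commands the EXEC would run."""
    return [f"CP CHANGE RDR {h['spid']} NAME {new_name}" for h in hits]


if __name__ == "__main__":
    hits, skipped = scan(SAMPLE)
    for cmd in rename_commands(hits):
        print(cmd)
    for row in skipped:
        print("not parsed:", row)
```
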