Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!elroy.jpl.nasa.gov!sdd.hp.com!zaphod.mps.ohio-state.edu!ub!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: 3501P@NAVPGS.BITNET (Jeffrey I. Weill)
Newsgroups: comp.virus
Subject: Problems with NARC.EXE (PC)
Message-ID: <0004.9008131823.AA10141@ubu.cert.sei.cmu.edu>
Date: 10 Aug 90 22:33:17 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 17
Approved: krvw@sei.cmu.edu


   We are finding something suspicious when using a shareware program
that functions as a shell for pkarc or pkzip.  The program is called
NARC.EXE 4.0, and has an authorship by Infinity Design Concepts Inc.
1987.  Using the option for changing the drive designation calls up a
pull-down window.  At the top of the window, (which a look at a
hexdump of the executable code tells us should be blank), there is a
strange character string, in multicolor letters.  It says "Die R".
This struck us as rather odd.
   Nothing out of the ordinary has happened.  It may be that someone
has hacked the code as a practical joke.  But if anyone out there has
heard of this happening before, we would like to know about it. I'm
not trying to malign this shareware, we just want to know if perhaps
we might have been hit by a Trojan of some kind.
                                     Thanks;
                                     Jeffrey I. Weill
                                     3501p@NAVPGS