Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!uakari.primate.wisc.edu!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: DAC@CUNYVMS1.BITNET (Danny Choriki) Newsgroups: comp.virus Subject: re: New DOS virus for CUNY Grad Schl. Message-ID: <0004.9011201348.AA00696@ubu.cert.sei.cmu.edu> Date: 19 Nov 90 16:59:00 GMT Sender: Virus Discussion List Lines: 49 Approved: krvw@sei.cmu.edu Hello, I reported the following incident but forgot the screen message which is as follows -- read on for more detail. Thanks again for any assistance. on jo assennettu icht deaktiviert werden -- Mausmenu ist aktiv cute huh. >We have a computer problem that looks alot like a malicious program to >us. Following is a brief description of the incident. Please be >descriptive in the subject line on any responses as my new mail messages >on any given day is 20+. > >The machine is an IBM-AT clone made by Maxum which we have had in an office >environment for over a year. Recently we have put the machine on a Novell >network and were in the process of adding on a serial mouse when this problem >arose. The machine no longer boots. It gets to the second line of the >config.sys file and then hangs. Booting from a floppy diskette will get the >machine into working order, however the hard disk is no longer available. > >Now for the truly bizarre stuff. The CMOS was slightly alterred (from what >I can see). The date was changed to 1942. The problem occurred the first >time after the machine was brought down after November 13th (which was 11/15). >as the guy who uses the machine likes to keep it on all the time.) > >Additionally, if you let the machine sit and attempt to boot for about 2 >minutes, you get a two line message which I at first thought was gobbledy- >gook and then on reflection realized looked alot like German. Our pseudo >interpretation is something like "the machine is disconnected, the master >menu is activated." > >Looks suspicious to me. I was going to include the text of the message >here but apparently I forgot to bring it home. I will repost with the >text after I get into work on Monday afternoon. However, any suggestions >or thoughts before then would be appreciated. > >Aloha, >Danny Choriki **************************************************************************** snail: Danny Choriki, Environmental Psychology Program, CUNY 33 West 42nd Street, New York, NY 10036-8099 Sol III, Milky Way, Local Group bitnet: dac@cunyvms1 econet: dchoriki internet: dac@timessqr.gc.cuny.edu compuserv: 71470,3060 - ---------------------------------------------------------------------------- [insert your favorite disclaimer about here...]