Path: utzoo!news-server.csri.toronto.edu!cs.utexas.edu!samsung!rex!uflorida!travis!hardy!leoh
From: leoh@hardy.hdw.csd.harris.com (Leo Hinds)
Newsgroups: comp.windows.ms
Subject: Re: ***WARNING*** possible windows virus in the cica uploads directory
Message-ID: <2618@travis.csd.harris.com>
Date: 13 Mar 91 22:50:18 GMT
References: <2610@travis.csd.harris.com> <2856@sparko.gwu.edu>
Sender: news@travis.csd.harris.com
Organization: Harris Computer Systems, Ft. Lauderdale, FL
Lines: 30

In article <2856@sparko.gwu.edu> iqbal@seas.gwu.edu () writes:
>In article <2610@travis.csd.harris.com> leoh@hardy.hdw.csd.harris.com (Leo Hinds) writes:
>>Hopefully I am crying wolf, but the following is what happened to me right now:
>>1) I downloaded from the cica uploads directory a file called yourway.zip
>> YourWay Ha Ha Ha! > text strings>
>>Is this just a fluke or a "windows virus"? ... the YourWay Ha Ha Ha! leads me
>>to believe the latter ... but I am open to suggestions.
> After clicking "OK" I notice THERE WERE NO WINDOWS AT ALL ON MY
>SCREEN!!!. I.e. I could move my mouse around the screen, but all I
>could see was my .bmp on the screen.

I did a strings on the exe and got an 800 number & called them ... It turns
out that this demo program was targeted before (about 6 months ago) and that
the developer had sent out messages to remove the infected version from
circulation. The developers are going to send me a disk with the clean
copy ... if there is interest, I can upload it to cica when I get it ...

It would appear as though someone saved a copy & is doing it all over again.
I wonder if the people @ cica have any records of who uploaded the file, or at
least the system they FTPed in from ...

leoh@hdw.csd.harris.com    Leo Hinds    (305)973-5229
Gfx ... gfx ... :-) whfg orpnhfr V "ebg"grq zl fvtangher svyr lbh guvax V nz n
creireg ?!!!!!!? ... znlor arkg gvzr