Path: utzoo!news-server.csri.toronto.edu!rutgers!dimacs.rutgers.edu!mips!cs.uoregon.edu!akm From: akm@cs.uoregon.edu (Anant Kartik Mithal) Newsgroups: comp.windows.ms Subject: Re: ***WARNING*** possible windows virus in the cica uploads directory Summary: I didn't have the same symptoms Keywords: yourway virus windows Message-ID: <1991Mar13.210331.5957@cs.uoregon.edu> Date: 13 Mar 91 21:03:31 GMT References: <2610@travis.csd.harris.com> Sender: news@cs.uoregon.edu (Netnews Owner) Organization: Department of Computer Science, University of Oregon Lines: 54 In article <2610@travis.csd.harris.com> leoh@hardy.hdw.csd.harris.com (Leo Hinds) writes: >Hopefully I am crying wolf, but the following is what happened to me right now: >1) I downloaded from the cica uploads directory a file called yourway.zip > >2) tried to run it from windows, It popped up a dialog box saying something > about your win.ini file has been modified, and asking where datafiles are > kept. I did not tell it a location but hit the OK button ... result, UAE. Yourway did this for me too. I had extracted it to e:\temp, and gave it this as a location. I *believe* that it keeps a line in win.ini indicating where it's data files are. >3) I copied win.ini to the location I had "yourway" as the data location (a > networked drive) & tried to run it again, this time specifying the complete > path where yourway was located & hit the ok button, again UAE ... but his > time windows was also hung. This seems to imply that you had *two* win.ini files, which doesn't sound good to me. On the other hand, I know absolutely nothing about running windows from a network, so this might be a reasonable thing to do. >4) warm-boot pc & reenter win ... looks funny ... try & edit win.ini ... > contents are gone & replaced with: > YourWay Ha Ha Ha! text strings> If I understand correctly, you had two win.inis. Which one got trashed? >Is this just a fluke or a "windows virus"? ... the YourWay Ha Ha Ha! leads me >to believe the latter ... but I am open to suggestions. I must agree that if I had that sort of thing in my win.ini, I would agree entirely with you. My win.ini (after playing with Yourway for about 20 minutes before deleting it, has: [YourWay] DATA=e:\temp in it. I *believe* that yourway is a commerical product, of which this is a demo version. I think I recall seeing a picture of it in PCWeek or InfoWorld. I *hope* I am right... Don't think that virus scanning software runs for windows programs as yet... kartik -- Anant Kartik Mithal akm@cs.uoregon.edu Research Assistant, (503)346-4408 (msgs) Department of Computer Science, (503)346-3989 (direct) University of Oregon, Eugene, OR 97403-1202