Path: utzoo!attcan!uunet!dasys1!brett
From: brett@dasys1.UUCP (Brett Genger)
Newsgroups: comp.sys.apple
Subject: Re: CyberAIDS warning--a real virus (Weishaar)
Summary: Another ProDOS Virus!
Message-ID: <5729@dasys1.UUCP>
Date: 25 Jul 88 13:05:35 GMT
References: <8807201303.ab04563@SMOKE.BRL.ARPA>
Organization: The Big Electric Cat
Lines: 60


WARNING:  There is ANOTHER ProDOS Virus going around.  It is known as
          "Festering Hate", and it is really Vicious!  Just by testing
          a few System files, I almost infected my Hard Drive, but luckily
          I stopped it while it was scanning my Floppies.  I already know
          someone who was hit by this New Virus, and since they had a
          Fingerprint Card at the Time, here is the message when it
          Detonates: (Alot of Satanic Messages, and Stuff)

---Printer Dump Start

[WOP] -666-  FESTERING HATE  -666- [FOG]
 ======================================
W| The Good News: You now have a copy |F
o|  of one of the  greatest programs  |r
r|    that has ever  been created!    |i
s|  The Bad News:  It's quite likely  |e
h| that it's the only program you now |n
i|      have in your possession.      |d
p|====================================|s
p|  Hey Glen!  We sincerely hope our  |
e|  royalty checks  are in the mail!  |o
r|  Seeing how we're making you rich  |f
s|  by providing a  market for virus  |
 |        detection  software!        |G
o|====================================|l
f|Elect LORD DIGITAL as God committee!|e
 |====================================|n
P|  )/>  The Kool/Rad Alliance!  <\(  |
a| Rancid Grapefruit -- Cereal Killer |B
t|====================================|r
r| This program is made possible by a |e
i| grant  from  Pig's  Knuckle  ELITE |d
c| Research.  Orderline: 313/534-1466 |o
k======[(C) 1988 ELECTRONIC ARTS]======n

---Printer Dump End

When Tom Weishaar of Open-Apple and GEnie was Asked:
 
---Message Start

We have an independent sighting of Festering Hate. It appears to be a
modified version of CyberAIDS. However, we don't actually have a copy of it
for complete analysis. Apparently the fourth through sixth bytes of FH will
always add up to $39 (or $39 + 256 or $39 + 256 +256). These bytes in
CyberAIDS also add up to $39, but are always $13, $13, $13.
If anyone sees a copy of this one please forward it, carefully marked as to
contents, by XMODEM EMAIL, to OPEN-APPLE. Thanks.
   Tom W.

---Message End

      Anyway, just be careful, since not much is known at this time, try
not to run any ProDOS "SYS" files from your Hard Drive.  Test it out a few
times with your Hard Drive Turned OFF, and if you don't see Disk Scanning,
then it is probably Safe, But Dont get mad if it isn't, since I don't know
that much about it.

-Brett (brett@dasys1)