Path: utzoo!attcan!uunet!lll-winken!ames!mailrus!wasatch!cs.utexas.edu!rutgers!att!holin!doc
From: doc@holin.ATT.COM (David Mundhenk)
Newsgroups: comp.binaries.ibm.pc.d
Subject: What is trek.exe doing
Keywords: chk4bomb virus paranoia
Message-ID: <324@holin.ATT.COM>
Date: 12 Jan 89 19:20:53 GMT
Organization: AT&T DSG Holmdel NJ USA
Lines: 60


This is a portion of the output from "chk4bomb.exe" when run
on "trek.exe" from the recent "egatrek" posting in 
comp.binaries.ibm.pc.

Several of us here think this is a little suspicious and would
like some other opinions on this, possibly even from the author.
The part "dir c:\*.exe...." is strange, to say the least.
Any explanations?
#################################################################

[]  CHECKING FOR BOMBS AND ASCII CHARACTERS IN FILE TREK.EXE.
[]  
[]  Note that some machine code will print as ASCII characters and
[]  appear as gibberish....other ASCII strings in the program will
[]  be readable. Most programs have the code first, followed by data.
[]  
[]  CHECKING 147120 BYTES
[]  
[]  EXE file...skipping header of 15024 bytes.
[]  
[]  [....stuff deleted...]
[]  
[]  EGA Trek
[]  NCC-17018Hint: Never warp with your shields up. It wastes energy.
[]  Live long and prosper.)Hint: Always use PhoTorps at close range.
[]  ;May the great bird of the galaxy roost on your home planet.
[]  :Hint: Mine for spare dilithium crystals whenever possible.U
[]  @RSP
[]  @RSP
[]  C:\> dir *.exe
[]   Volume in drive C is HARDDISK
[]   Directory of  C:\
[]	'TSRTEST  EXE     7520  12-01-87  12:52p
[]  	'123      COM   129480   4-28-88   7:46a
[]	'MW       EXE    99030   7-13-86   5:00p
[] 	'INSTALL  EXE     1024   1-01-80  12:00a
[]	&        4 File(s)   2947072 bytes free
[]  C:\> _U
[]  BGI Triplex font  V100 - 19 October 1987
[]  Copyright (c) 1987 Borland International
[]  TRIP
[]  BGI Device Driver (EGA/VGA)  V1.00 - 31 September 1987
[]  Copyright (c) 1987 Borland International
[]  640 x 200 EGA
[]  640 x 350 EGA
[]  640 x 480 VGA
[]  640 X 350 EGA MONO
[]  
[]  [...more stuff deleted...]
[]  
[]  ****WARNING****
[]  This program uses the ROM BIOS routines for direct disk access.
[]  This program COULD format a disk or write to certain sectors without
[]  updating the directory or File Allocation Table.
[]  DO NOT RUN this program until checked by an expert, unless you
[]  are familiar with the author or company.
[]  
[]  
[]  <END OF FILE>  147120 Bytes in file were read.