VIRUS WARNING - THIS ONE'S FOR REAL

  April 23, 1997

  NEW VIRUS WARNING: Bong Virus

  Be careful on sites appearing on this newsgroup  inviting  you to
  download software. I generally avoid executables, but I picked up
  a {*word*193} one. It is very contagious, and announces itself with

   "Why can't we just do a bong"

  or something similar. It  eventually  corrupts  smartdrv.exe, and
  hangs the system when you try to boot.

  I found it quite difficult to get rid of. McAfee and F-PROT can't
  find it, and I forgot to write-protect my boot disk.

  The  only  thing  that saved me was I keep a backup computer with
  all  the  critical files, so I was  able  to  overwrite  all  the
  infected files.  But  I  still  don't  know  for sure if it's not
  hiding in some ZIP  file  somewhere,  and  I haven't the faintest
  idea which site I downloaded it from.

  Here is a message from F-PROT, along with a USER  file containing
  a search string that will find  the  virus. But you have to write
  over the infected files with clean versions to get rid of it.

  -----------------------------------------------------------------
  Subject: Re: THE BONG VIRUS
     Date: Wed, 23 Apr 1997 10:55:41 -0200
     From: Peter Szor <Peter.S...@datafellows.com>
       To: Mike Monett
       CC: samp...@DataFellows.com

  > The BONG virus - McAfee and F-PROT can't find it.

  It is from the same guy who wrote the Weed  viruses.  He wrote at
  least 6 different viruses using C and LZEXE for packing  them. In
  the last 3 days I received 3 different formats of HLLP.5580.

  In  my  next message I will send  a  user.zip  which  contains  a
  user.def. Please use this  with  F-PROT's  /USER switch (copy the
  file to F-PROT's location first).

  Where  did  you  get  the  original file? I guess you  downloaded
  something  from the NET, because such a  buggy  virus  could  not
  spread so far without the NET.

  p.s: We  can  not  fix  the  corrupted  cases anyhow, you have to
  reinstall  the  programs  which  are  not  working   after  using
  user.def.

  Best,
  Peter

  Peter.S...@DataFellows.com, World-Wide Web http://www.DataFellows.com
  -----------------------------------------------------------------

  The USER.DEF file is very short and attached as a ZIP file.

Best Regards,

Mike Monett


 

Re: VIRUS WARNING - THIS ONE'S FOR REAL


I found the file containing the Bong virus, and sent the following to
Keith at SimTel:

  April 23, 1997

  SimTel.Net

  Keith,

  The following upload contains the  Bong virus. It is not detected
  by McAfee or F-PROT. I am including information on the  damage it
  causes and a USER.DEF file from F-PROT to get rid of it.

  ----------------------------------------------------------------
  I have uploaded to Simtel.Net:

  http://www.simtel.net/pub/simtelnet/msdos/graphics/piconv1.zip
  ftp://ftp.simtel.net/pub/simtelnet/msdos/graphics/piconv1.zip

  piconv1.zip Image conversion utility

  Convert from any number of CDR, GIF, TGA,  PCX,  JPG,  to  name a
  few. Conversion is supported to and from those  and  several more
  formats. Simple interface to convert files quickly. Any size file
  is  easily  converted.  Auto-detection  routines   simplify  file
  conversion.

  Special requirements: None.

  Shareware.  Uploaded by the author.

  Brian Grahm, WiredSoftWare WiredS...@juno.com
  ----------------------------------------------------------------

My apologies to those who provide good source on their web sites, but
from now on, that's all I will look for - no executables.

Best Regards,

Mike Monett
