[TRLog] Urgent: Problem

george fremin iii geoiii@bga.com
Thu, 22 May 1997 15:11:58 -0500 (CDT)


Hi,

We had a virus alert from one of our TR-Log distribution disks that
was sold during the Dayton Hamvention.  The following is a letter
that will be mailed to everyone who bought a disk at Dayton.
If you know of someone who received one of these disks please 
pass this info to them.  This virus is NOT very harmful but
we feel it is our obligation to inform our customers.  




To:   TR-Log users

From: George Fremin III - K5TR
      913 Ramona Street
      Austin, Texas 78704
      512-416-7010
      geoiii@bga.com



Dear TR-Log user,

First let me thank you for your purchase of TR-Log at the Dayton Hamvention.  
Tree and I had a great time meeting many longtime users and all of the new
users. 


One of our users emailed us that his TR-Log distribution disk triggered
his virus program warning that it had the "AntiCMOS" virus on the disk.
I checked my computer and indeed I also had this virus.  I have installed
the latest anti-virus software to help ensure that this does not happen
in the future.  Thankfully this virus appears to have been written by
a very poor programmer and does not pose a threat.  It can however copy
itself to your hard drive and infect any floppies that you use. 
Provided below is information about this virus and ways to protect your 
computer from it.  I regret that this infection occurred and will do all
that I can to ensure that nothing like this will occur in the future. 

It appears that not all of the floppies were infected with this 
virus - I have one floppy that was loaded with the software at Dayton 
that contains the virus and others that were made on the same machine 
that do not have the virus.  In the research I have done on this virus 
it appears that it can only spread from the floppy to the hard drive if 
the machine attempts to boot from the infected floppy.  When the machine 
attempts to boot from the floppy the virus is copied to the hard drive and 
then upon rebooting the computer from the hard drive it will copy itself 
into memory and infect other floppies.  In tests that I have run on my 
machine I have not been able to transfer the virus by running the TR-Log
install program.  I have only been able to infect the hard drive 
by attempting to boot the machine from the infected floppy disk. 

If you have or think you have attempted to boot your machine from the TR-Log 
floppy you may want to purchase or download some anti-virus software.  
On the next page you will find some web addresses that provide more detailed
information about "AntiCMOS" and a web site with links to anti-virus 
software sites. 

I have purchased anti-virus software to help ensure that this will not
happen in the future.  I did have anti-virus software on my computer but 
I removed it due to a conflict at some point and had not replaced it,
which proves once again that we can not let our guard down.  
BTW this new package (as most do now) has features that watch the incoming
net and modem downloads as well as the disk drives so it should provide 
good protection.  Once again I can not express how much I regret spreading
this virus even if it has proven to be mostly harmless. 

Again thank you for your support of TR-Log. 




George Fremin III 
K5TR
geoiii@bga.com


Here is the information from my virus program on this virus.

AntiCMOS

Alias: Lenart, Lixi

Type:  Memory-resident boot and partition sector virus.

Affects:  Floppy and hard disks.

Description:
This boot and partition sector virus infects hard disk when booted from
an infected floppy. Diskettes are infected on read or write access (e.g.
DIR or COPY command)

The virus does not preserve original boot and/or partition sector - it
overwrites it with itself.

On a floppy disk access, the virus can trigger with a probability of
approximately 1/256.  Then the virus attempts to patch CMOS data.
Fortunately this fails because the author of this virus failed to test
it properly.  

AntiCMOS.A contains the message  "I am Li Xibin!".  

AntiCMOS.B has no specific strings contained internally.


Here is a web site that gives more detailed information about the virus.

http://www.virusbtn.com/VirusInformation/anticmos.html

McAfee offers free downloads of a 30 day trial version of their 
anti-virus software at this site.

http://www.mcafee.com/leads/evallead.html

 
Dr. Solomon's has anti-virus software also.  (This is the one I bought.)

http://www.drsolomon.com/software/

Dr. Solomon's also has a page of links to other anti-virus vendors.

http://www.drsolomon.com/links/avvendor.html

And Norton's anti-virus software can be found here.

http://www.symantec.com/



-- 

George Fremin III
Austin, Texas C.K.U.            "I'm on a mexican radio"
K5TR                                           - Wall of Voodoo
512/416-7010              
geoiii@bga.com

--
FAQ on WWW:               http://www.contesting.com/trlogfaq.html
Submissions:              trlog@contesting.com
Administrative requests:  trlog-REQUEST@contesting.com
Problems:                 owner-trlog@contesting.com
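
A duplication check that follows from the virus description above, as an added example that is not part of the original message or of TR-Log: since the virus overwrites sector 0, each copied disk image's boot sector is compared with a known-clean master (ignoring the per-disk FAT volume serial and label) and searched for the string the notice attributes to AntiCMOS.A. The function names, the constructed sample sectors, and the assumption that the string sits unencoded in sector 0 are illustrative.

```python
SECTOR = 512
MARKER = b"I am Li Xibin!"        # string the notice attributes to AntiCMOS.A
SERIAL_LABEL = slice(0x27, 0x36)  # FAT12/16 volume serial + label: differ per disk

def normalized_boot_sector(image: bytes) -> bytes:
    """Sector 0 with the per-disk serial/label zeroed when an extended BPB exists."""
    if len(image) < SECTOR:
        raise ValueError("image shorter than one sector")
    sec = bytearray(image[:SECTOR])
    if sec[0x26] == 0x29:  # extended boot signature: serial and label fields present
        sec[SERIAL_LABEL] = bytes(0x36 - 0x27)
    return bytes(sec)

def check_copy(master: bytes, copy: bytes) -> list:
    """Findings for one duplicated disk image; an empty list means no finding."""
    findings = []
    m, c = normalized_boot_sector(master), normalized_boot_sector(copy)
    if m != c:
        n = sum(a != b for a, b in zip(m, c))
        findings.append(f"boot sector differs from master in {n} bytes")
    if MARKER in copy[:SECTOR]:  # AntiCMOS.B has no string, so the diff must catch it
        findings.append("AntiCMOS.A marker string in boot sector")
    return findings

def check_batch(master: bytes, copies: dict) -> dict:
    """Map of image name -> findings, listing only the images that need attention."""
    return {name: f for name, img in copies.items() if (f := check_copy(master, img))}

def _sample_sector(serial: bytes) -> bytes:
    """Constructed FAT12-style boot sector (filler bytes, not a real disk)."""
    sec = bytearray(SECTOR)
    sec[0:3] = b"\xeb\x3c\x90"
    sec[3:11] = b"MSDOS5.0"
    sec[0x26] = 0x29
    sec[0x27:0x2B] = serial
    sec[0x2B:0x36] = b"TRLOG".ljust(11)
    sec[0x36:0x3E] = b"FAT12".ljust(8)
    sec[510:512] = b"\x55\xaa"
    return bytes(sec)

MASTER = _sample_sector(b"\x01\x02\x03\x04")
CLEAN = _sample_sector(b"\xaa\xbb\xcc\xdd")  # same code, different volume serial
# Constructed stand-in for an overwritten sector: filler plus the marker, no virus code.
OVERWRITTEN = bytes(64) + MARKER + bytes(SECTOR - 64 - len(MARKER) - 2) + b"\x55\xaa"

if __name__ == "__main__":
    for name, f in check_batch(MASTER, {"disk1": CLEAN, "disk2": OVERWRITTEN}).items():
        print(name, f)
```

The comparison is only as good as the master: it has to be read from a known-clean, write-protected disk, since a duplicating machine that is itself infected will produce a matching but infected reference.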