[TRLog] Urgent: Problem
george fremin iii
Thu, 22 May 1997 15:11:58 -0500 (CDT)
We had a virus alert from one of our TR_Log distribution disks that
was sold during the Dayton Hamvention. The following is a letter
that will be mailed to everyone who bought a disk at Dayton.
If you know of someone who received one of these disks please
pass this info to them. This virus is NOT very harmful but
we feel it is our obligation to inform our customers.
To: TR-Log users
From: George Fremin III - K5TR
913 Ramona Street
Austin, Texas 78704
Dear TR-Log user,
First let me thank you for your purchase of TR-Log at the Dayton Hamvention.
Tree and I had a great time meeting many longtime users and all of the new
One of our users emailed us that his TR-Log distribution disk triggered
his virus program warning that it had the "AntiCMOS" virus on the disk.
I checked my computer and indeed I also had this virus. I have installed
the latest anti-virus software to help insure that this does not happen
in the future. Thankfully this virus appears to have been written by
a very poor programmer and does not pose a threat. It can however copy
itself to your hard drive and infect any floppies that you use.
Provided below is information about this virus and ways to protect your
computer from it. I regret that this infection occurred and will do all
that I can to insure that nothing like this will occur in the future.
It appears that not all of the floppies were infected with this
virus - I have one floppy that was loaded with the software at Dayton
that contains the virus and others that were made on the same machine
that do not have the virus. In the research I have done on this virus
it appears that it can only spread from the floppy to the hard drive if
the machine attempts to boot from the infected floppy. When the machine
attempts to boot from the floppy the virus is copied to the hard drive and
then upon rebooting the computer from the hard drive it will copy itself
into memory and infect other floppies. In tests that I have run on my
machine I have not been able to transfer the virus by running the TR-Log
install program. I have only been able to infect the hard drive
by attempting to boot the machine from the infected floppy disk.
If you have or think you have attempted to boot your machine from the TR-Log
floppy you may want to purchase or download some anti-virus software.
On the next page you will find some web addresses that provide more detailed
information about "AntiCMOS" and a web site with links to anti-virus
I have purchased anti-virus software to help insure that this will not
happen in the future. I did have anti-virus software on my computer but
I removed it due to a conflict at some point and had not replaced it
proves once again that we can not let our guard down.
BTW this new package (as most do now) has features that watch the incoming
net and modem downloads as well as the disk drives so it should provide
good protection. Once again I can not express how much I regret spreading
this virus even if it has proven to be mostly harmless.
Again thank you for your support of TR-Log.
George Fremin III
Here is the information from my virus program on this virus.
Alias: Lenart, Lixi
Type: Memory-resident boot and partition sector virus.
Affects: Floppy and hard disks.
This boot and partition sector virus infects hard disk when booted from
an infected floppy. Diskettes are infected on read or write access (e.g.
DIR or COPY command).
The virus does not preserve original boot and/or partition sector - it
overwrites it with itself.
On a floppy disk access, the virus can trigger with a probability of
approximately 1/256. Then the virus attempts to patch CMOS data.
Fortunately this fails because the author of this virus failed to test
AntiCMOS.A contains the message "I am Li Xibin!".
AntiCMOS.B has no specific strings contained internally.
Here is a web site that gives more detailed information about the virus.
McAfee offers free downloads of a 30-day trial version of their
anti-virus software at this site.
Dr. Solomon's has anti-virus software also. (This is the one I bought.)
Dr. Solomon's also has a page of links to other anti-virus vendors.
And Norton's anti-virus software can be found here.
George Fremin III
Austin, Texas C.K.U. "I'm on a mexican radio"
K5TR - Wall of Voodoo
FAQ on WWW: http://www.contesting.com/trlogfaq.html
Administrative requests: trlog-REQUEST@contesting.com