LISTSERV at the University of Georgia
Menubar Imagemap
Home Browse Manage Request Manuals Register
Previous messageNext messagePrevious in topicNext in topicPrevious by same authorNext by same authorPrevious page (August 1999, week 4)Back to main CONCH-L pageJoin or leave CONCH-L (or change settings)ReplyPost a new messageSearchProportional fontNon-proportional font
Date:   Sat, 28 Aug 1999 13:02:35 -0500
Reply-To:   Conchologists of America List <CONCH-L@LISTSERV.UGA.EDU>
Sender:   Conchologists of America List <CONCH-L@LISTSERV.UGA.EDU>
From:   "Sylvia S. Edwards" <sylvia@HIWAAY.NET>
Subject:   Where are we headed
Content-Type:   text/plain; charset="iso-8859-1"

I received two e-mail via Conch-L this morning that are suspect as containing a virus. The first was from paulc@gol.com, 8/28 received by my ISP at 9:51 AM CDT. The second was an answer to the first and was from ferreter@gate.net, 8/28, received 10:01AM CDT.

When I opened the first of these e-mails, a box popped up saying it wanted to install a "Japanese Text Display Support" program of 27MB, time approx 23 minutes.

I quickly deleted it. then when I opened the second of these e-mails, the box popped up again, and attempted to start installation. I quickly deleted it. I went to my deleted file to the first one and found the box was greyed out that said never install these kinds of programs.

Neither e-mail showed it had an attachment, and I feel neither were aware they were sending it. I went to housecall virus center and had my disk scanned. No virus showed up, but I am not certain it scans the deleted e-mail file.

Currently, the most prevalent virus is one that attacks word processing programs. It comes under various names. I am pasting some information about them.

I just wanted to warn Conch-L subscribers to be careful and not download a program not mentioned in the e-mail.

Sylvia S. Edwards Huntsville, Alabama sylvia@HiWAAY.net

Virus Name: W97M_TRIPLICATE Alias: TRIPLICATE, TRISTATE Virus Type: Macro Platform: Windows Number of Macros: 3 Encrypted: No Size of Macro: 5608 bytes Seen in the Wild: Yes Detected by Scan Engine#: 2.062 or later Detected by Pattern File#: 518 or later Details: TRIPLICATE is a macro virus that can cross-infect MS WORD 97, MS EXCEL 97, and MS POWERPOINT 97 applications. In whichever application the virus is activated, be it from a Word document, an Excel spreadsheet/workbook or from a PowerPoint slide, the virus will cross-infect. - Crossing to MS-EXCEL: The virus searches for BOOK1.XLS in the MS Excel Startup directory. If not present the virus creates an infected workbook in the same directory and also disables the macro virus protection of Excel. The virus resides in the THISWORKBOOK stream of infected excel spreadsheet/workbook. - Crossing to MS-WORD: For Word infections, the virus will check if its codes are present in the "ThisDocument" Stream of the Global Template NORMAL.DOT ). If not it will infect the global template and disable the macro virus protection of Word. - Crossing to MS-POWERPOINT: If there is no "Triplicate" module in "Blank Presentation.POT" Powerpoint Template, the virus will disable the macro virus protection of PowerPoint. It adds a viral module called "Triplicate" into "Blank Presentation.POT" and a basic AutoShape object that covers the entire slide. The viral module is linked to the AutoShape object.

Back to: Top of message | Previous page | Main CONCH-L page
listserv.uga.edu
Enterprise Information Technology Services
The University of Georgia
listhelp@uga.edu