CONCH-L archives -- August 1999, week 4 (#208)

Date: Sun, 29 Aug 1999 02:44:54 -0000 Reply-To: Conchologists of America List <CONCH-L@LISTSERV.UGA.EDU> Sender: Conchologists of America List <CONCH-L@LISTSERV.UGA.EDU> From: ferreter <ferreter@GATE.NET> Subject: Re: Where are we headed Content-Type: text/plain; charset="iso-8859-1"

My reply was created directly from Pauls reply to "where are we headed". I seriously doubt either was a virus but good heads up play there Sylvia . will check my system and see if I can find the file . I really looks like a Japanese translation file though. without an attached file it would have been a dead virus anyway . remember people , only attached files kill,,,,,,,! -----Original Message----- From: Sylvia S. Edwards <sylvia@HIWAAY.NET> To: CONCH-L@LISTSERV.UGA.EDU <CONCH-L@LISTSERV.UGA.EDU> Date: Saturday, August 28, 1999 5:56 PM Subject: Where are we headed

>I received two e-mail via Conch-L this morning that are suspect as >containing a virus. The first was from paulc@gol.com, 8/28 received by my >ISP at 9:51 AM CDT. The second was an answer to the first and was from >ferreter@gate.net, 8/28, received 10:01AM CDT. > >When I opened the first of these e-mails, a box popped up saying it wanted >to install a "Japanese Text Display Support" program of 27MB, time approx 23 >minutes. > >I quickly deleted it. then when I opened the second of these e-mails, the >box popped up again, and attempted to start installation. I quickly deleted >it. I went to my deleted file to the first one and found the box was greyed >out that said never install these kinds of programs. > >Neither e-mail showed it had an attachment, and I feel neither were aware >they were sending it. I went to housecall virus center and had my disk >scanned. No virus showed up, but I am not certain it scans the deleted >e-mail file. > >Currently, the most prevalent virus is one that attacks word processing >programs. It comes under various names. I am pasting some information >about them. > >I just wanted to warn Conch-L subscribers to be careful and not download a >program not mentioned in the e-mail. > >Sylvia S. Edwards >Huntsville, Alabama >sylvia@HiWAAY.net > >Virus Name: W97M_TRIPLICATE >Alias: TRIPLICATE, TRISTATE >Virus Type: Macro >Platform: Windows >Number of Macros: 3 >Encrypted: No >Size of Macro: 5608 bytes >Seen in the Wild: Yes >Detected by Scan Engine#: 2.062 or later >Detected by Pattern File#: 518 or later >Details: TRIPLICATE is a macro virus that can cross-infect MS WORD 97, MS >EXCEL 97, and MS POWERPOINT 97 applications. >In whichever application the virus is activated, be it from a Word document, >an Excel spreadsheet/workbook or from a PowerPoint slide, the virus will >cross-infect. >- Crossing to MS-EXCEL: The virus searches for BOOK1.XLS in the MS Excel >Startup directory. If not present the virus creates an infected workbook in >the same directory and also disables the macro virus protection of Excel. >The virus resides in the THISWORKBOOK stream of infected excel >spreadsheet/workbook. >- Crossing to MS-WORD: For Word infections, the virus will check if its >codes are present in the "ThisDocument" Stream of the Global Template > NORMAL.DOT ). If not it will infect the global template and disable the >macro virus protection of Word. >- Crossing to MS-POWERPOINT: If there is no "Triplicate" module in "Blank >Presentation.POT" Powerpoint Template, the virus will disable the macro >virus protection of PowerPoint. It adds a viral module called "Triplicate" >into "Blank Presentation.POT" and a basic AutoShape object that covers the >entire slide. The viral module is linked to the AutoShape object. >

Back to: Top of message | Previous page | Main CONCH-L page

listserv.uga.edu
Enterprise Information Technology Services
The University of Georgia
listhelp@uga.edu