Date: Sun, 29 Aug 1999 02:44:54 -0000
Reply-To: Conchologists of America List <CONCH-L@LISTSERV.UGA.EDU>
Sender: Conchologists of America List <CONCH-L@LISTSERV.UGA.EDU>
From: ferreter <ferreter@GATE.NET>
Subject: Re: Where are we headed
Content-Type: text/plain; charset="iso-8859-1"
My reply was created directly from Pauls reply to "where are we headed". I
seriously doubt either was a virus but good heads up play there Sylvia .
will check my system and see if I can find the file . I really looks like a
Japanese translation file though. without an attached file it would have
been a dead virus anyway . remember people , only attached files
From: Sylvia S. Edwards <sylvia@HIWAAY.NET>
To: CONCH-L@LISTSERV.UGA.EDU <CONCH-L@LISTSERV.UGA.EDU>
Date: Saturday, August 28, 1999 5:56 PM
Subject: Where are we headed
>I received two e-mail via Conch-L this morning that are suspect as
>containing a virus. The first was from firstname.lastname@example.org, 8/28 received by my
>ISP at 9:51 AM CDT. The second was an answer to the first and was from
>email@example.com, 8/28, received 10:01AM CDT.
>When I opened the first of these e-mails, a box popped up saying it wanted
>to install a "Japanese Text Display Support" program of 27MB, time approx
>I quickly deleted it. then when I opened the second of these e-mails, the
>box popped up again, and attempted to start installation. I quickly
>it. I went to my deleted file to the first one and found the box was
>out that said never install these kinds of programs.
>Neither e-mail showed it had an attachment, and I feel neither were aware
>they were sending it. I went to housecall virus center and had my disk
>scanned. No virus showed up, but I am not certain it scans the deleted
>Currently, the most prevalent virus is one that attacks word processing
>programs. It comes under various names. I am pasting some information
>I just wanted to warn Conch-L subscribers to be careful and not download a
>program not mentioned in the e-mail.
>Sylvia S. Edwards
>Virus Name: W97M_TRIPLICATE
>Alias: TRIPLICATE, TRISTATE
>Virus Type: Macro
>Number of Macros: 3
>Size of Macro: 5608 bytes
>Seen in the Wild: Yes
>Detected by Scan Engine#: 2.062 or later
>Detected by Pattern File#: 518 or later
>Details: TRIPLICATE is a macro virus that can cross-infect MS WORD 97, MS
>EXCEL 97, and MS POWERPOINT 97 applications.
>In whichever application the virus is activated, be it from a Word
>an Excel spreadsheet/workbook or from a PowerPoint slide, the virus will
>- Crossing to MS-EXCEL: The virus searches for BOOK1.XLS in the MS Excel
>Startup directory. If not present the virus creates an infected workbook in
>the same directory and also disables the macro virus protection of Excel.
>The virus resides in the THISWORKBOOK stream of infected excel
>- Crossing to MS-WORD: For Word infections, the virus will check if its
>codes are present in the "ThisDocument" Stream of the Global Template
> NORMAL.DOT ). If not it will infect the global template and disable the
>macro virus protection of Word.
>- Crossing to MS-POWERPOINT: If there is no "Triplicate" module in "Blank
>Presentation.POT" Powerpoint Template, the virus will disable the macro
>virus protection of PowerPoint. It adds a viral module called "Triplicate"
>into "Blank Presentation.POT" and a basic AutoShape object that covers the
>entire slide. The viral module is linked to the AutoShape object.