home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Collection of Tools & Utilities
/
Collection of Tools and Utilities.iso
/
comm
/
dsztroj.zip
/
DSZTROJ.TXT
next >
Wrap
Text File
|
1989-03-03
|
10KB
|
267 lines
Date: 03-02-89 (18:18) Number: 7706
To: SAMUEL SMITH Refer#: 7704
From: FRED CLARK Read: 03-03-89 (18:15)
Subj: "VIRUS" Status: RECEIVER ONLY
I know Sam. At this point we are not sure of what is going on with the
two sysops involved. As ytou indicate, one lost his '\pcb' location
several times, the other his root.
However, their comments as to what program they were running does not
necessary correlate to the problem - since the damage may have occured
at some other point in time.
We are trying to obtain more information from them on what they have
installed on their systems recently - since at this point it appears to
be isolated to only those two people.
Hopefully someone is not spreading some hacked code which is doing
system damage.
Fred
Date: 03-03-89 (06:10) Number: 7707
To: SAMUEL SMITH Refer#: 7704
From: DAVID TERRY Read: NO
Subj: "VIRUS" Status: RECEIVER ONLY
Sam,
The trojan appears to be a DSZ module dated 1/17/89. See further
information in the support conference.
«« David W. Terry »»
Date: 03-03-89 (17:50) Number: 7716
To: SYSOP Refer#: NONE
From: ROBERT BLACHER Read: NO
Subj: DSZGOOD.ZIP Status: PUBLIC MESSAGE
DSZGOOD.ZIP is really DSZ0223.ZIP, but you already have a file by that
name on the system. In light of the messages in the support conference,
I've sent this along anyway as I *know* it's an untampered-with copy --
our Xenix machine polls Omen daily and got this copy directly from him.
So, I'd suggest you purge the 4-5 copies of DSZ sitting on your dir 9,
rename this one, and hopefully that will be the end of this latest
"virus" scare.
Date: 03-03-89 (05:45) Number: 56816
To: MILES LESTER Refer#: 56808
From: DAVID TERRY Read: 03-03-89 (15:44)
Subj: HELP! Status: PUBLIC MESSAGE
Miles,
We've had several people here confirm that they are using DSZ dated
1/17/89 ... and the description seems to be the same so far -- the files
are wiped out AFTER a DSZ file transfer. I would recommend that you
replace your DSZ and see if that cures the problem.
«« David W. Terry »»
Date: 03-03-89 (00:56) Number: 56820
To: SYSOP Refer#: NONE
From: KEVIN FONG Read: 03-03-89 (09:02)
Subj: CONFIRMED DSZ TROJAN Status: PUBLIC MESSAGE
I have uploaded the trojan DSZ file as DSZTROJ.ARC. Take a look at it.
It will delete any subdirectory it is called from, as well as delete the
root directory (including hidden files such as Paul Mace's BACKUP.M_U.
You must execute it with command line params while connected. Executing
it locally doesn't seem to trigger it.
It will not "go off" prior to 3/2/89 at 7am, nor will it "go off" on
3/3/89, so it may be limited to one day (who knows?).
---------------
One other user just reported losing 18 megs on his system after running
his release of DSZ (a REGISTERED version!).
Kevin.
Date: 03-03-89 (07:53) Number: 56826
To: MICHAEL CLEVERLY Refer#: 56822
From: DAVID TERRY Read: NO
Subj: CAUTION ... Status: PUBLIC MESSAGE
Michael,
It appears to be a copy of DSZ dated 1/17/89 that might be creating all
of the havoc ... please check your files and see if you too are using
this program.
«« David W. Terry »»
Date: 03-03-89 (10:19) Number: 56847
To: ALL Refer#: NONE
From: FRED CLARK Read: HAS REPLIES
Subj: CAUTION Status: PUBLIC MESSAGE
As a follow up to the previous CAUTION message. A pattern appears to be
developing in that sysops who are having the problem of wiped out drive
locations are all experiencing the problem when using the 01/27/89
version of DSZ.COM.
If you are using that version of the program, we suggest you consider
removing it from your system and replacing it with a different version
of the program - since it may be that a corrupted or hacked version of
that module is being passed around.
Again, we urge eveyone to use caution when installing new PD programs on
their system to insure the reliability of the source location of the
file.
Fred
Date: 03-03-89 (10:24) Number: 56849
To: FRED CLARK Refer#: 56847
From: CARL EVANS Read: 03-03-89 (10:51)
Subj: CAUTION Status: PUBLIC MESSAGE
1-29-89? or 1-17-89? All of the previous messages referred to the 1-17
DSZ, but your message pointed at 1-29. Which one is the trojan or is it
both?
Carl
Date: 03-03-89 (10:51) Number: 56853
To: CARL EVANS Refer#: 56849
From: FRED CLARK Read: NO
Subj: CAUTION Status: PUBLIC MESSAGE
Carl - I goofed on the other messages. It shoudl be the 01/29/89
version.
Fred
Date: 03-03-89 (13:56) Number: 56860
To: FRED CLARK Refer#: 56835
From: MARK TURNER Read: 03-03-89 (14:10)
Subj: 'VIRUS' Status: PUBLIC MESSAGE
I'm at work now but will get it this evening and let you know... For
the time being I have gone back to a DSZ dated 9/something/88
I did do some testing and found if I used the 1/17/89 version straight
out of the package it was OK, if I registered it then the problem
occured... Thanks again...
Date: 03-03-89 (15:23) Number: 56869
To: MARK TURNER Refer#: 56860
From: RAY CRAMER Read: NO
Subj: 'VIRUS' Status: PUBLIC MESSAGE
Mark,
I lost my files too and see to be running a version between 1-17 and
2-09 . I am too a registered user and I think the 2-09 is when I put my
number into the program.
Ray Cramer == > SysOp of "The DogHouse BBS" (713) 422-3146 Baytown,Tx
Date: 03-03-89 (15:41) Number: 56871
To: FRED CLARK Refer#: 56758
From: MARK HICKS Read: 03-03-89 (15:43)
Subj: CAUTION ... Status: PUBLIC MESSAGE
I too just yesterday had all non-read-only files erased in my ROOT dir,
as well as some other *.exe files (like zdoor.exe); however i saw the
message fatal error
system error ( 53 9365 )
pcboard fatal 0 9365
strange, huh?
Date: 03-03-89 (15:42) Number: 56872
To: ALL Refer#: NONE
From: FRED CLARK Read: HAS REPLIES
Subj: CAUTION - CONTINUED! Status: PUBLIC MESSAGE
Folks - this wiping out of drives is really getting serious! It seems
that there may be a wide variation of dates involved here - but all seem
to be centered around later versions of DSZ.
Due to the fact that some dates may be different based on the type of
download performed to obtain the file (i.e. an XMODEM, etc. downlod
would produce a new date, where a DSZ download would preserve the
original date), we caution all of you to try and obtain a 'known' good
working copy of DSZ from any source.
We will post the version we are currently using here (although it is
very, very old), in the event some of you wish to use it instead of one
of the later versions.
Fred
Date: 03-03-89 (15:43) Number: 56873
To: MARK HICKS Refer#: 56871
From: FRED CLARK Read: 03-03-89 (15:46)
Subj: CAUTION ... Status: PUBLIC MESSAGE
Well - that error message is simply a result of all the files being
wiped out after whatever it is is doing it's dirty work. At the point
all of the files are gone, PCBoard will return the error message - since
many of the files ne