
                   aSSauLT releasing viruses?
                --------------------------------------

  Time Bandit is back at it. Any opportunity he gets to attempt to
 flame me he takes without looking or asking as to what has actually
 happened.

  The Burglar virus actually came from TDZ, in a game called Iron Blood
 (the 3 disk game mentioned in that Fidonet virus echo). I ran Iron Blood,
 and then booted my board from the machine I ran it on and it infected
 RA.EXE and a few other files. It wasn't recognised by Feb's F-PRoT so I
 went and got the latest version and it zapped it, and then had to
 reinstall RA because the filesize had been altered during infection
 and after it had been cleaned.
 
  Now, it did NOT infect any archives (ie UCF*.ZIP) when it was in my hands.
 The reason the UCF releases were infected was because Lando hasn't got
 a decent virus scanner for his board (he probably didn't scan Iron Blood
 for viruses anyway if they'd be put on locally) and I expect he also ran
 Iron Blood on his pc, so he's probably infected to hell with Burglar at
 this time.

  The Houze* and Tetten* files were never unarchived or run or on my board
 (I got hold of the UCF*.ZIP archives a few days after I'd nuked the Burglar).

  Time Bandit, instead of blaming everything on aSSauLT in an attempt to
 look like I'm some cunt spreading viruses, do yer homework ya dick.

   -aSSauLT

 Time Bandit's patronising bollocks ("don't panic!" etc.) follows :

---


                         BURGLAR VIRUS INFECTION
                         -----------------------

Right this is no bullshit!!

I just got infected with the Burglar Virus.

I have tracked it down to three files uploaded to DemoZone by Assault of
The Fatal Reality.

Name of the files:

UCFGW11U.ZIP
UCFMAILC.ZIP
UCFRALRM.ZIP

They all include the following 2 files:
HOUZE95.EXE      10773     10139  Deflated   1995/07/31 22:11  1C6D8324
TETTEN.EXE        6120      5904  Deflated   1995/08/19 21:31  BACD9EB9

These are the infected files!

See the FILE_LST.DZ which is a capture from DZ which gives full details of
these archives.

This is a catalogue of a zip which is UNINFECTED (for comparison):

      Zip file: UCFGIFCN.ZIP             16-04-96  7:30:08 pm  Page 1


            8 files using 52,031 bytes

            FILE_ID .DIZ      392 .a.. 16-03-96 10:53:06 pm 
            HOSTESS .TXT    4,390 .a.. 03-07-95  7:42:38 pm 
            HOUZE95 .EXE    9,623 .a.. 31-07-95 10:10:14 pm 
            K-E-W-L .HPA       75 .a.. 15-04-96  3:47:08 am 
            MCC     .WHQ      704 .a.. 21-03-96 10:39:26 pm 
            TETTEN  .EXE    4,970 .a.. 19-08-95  9:31:16 pm 
            UCF96   .COM   16,022 .a.. 16-03-96 11:01:46 pm 
            UCF96   .NFO   15,855 .a.. 16-03-96 11:01:06 pm 


WHAT CAN YOU DO IF YOU THINK YOU ARE INFECTED
=============================================

Don't panic!
Switch off your machine straight away!!
Boot from a clean floppy disk with the WRITE disabled!!
Run F-Prot 2.22 March '96 with the  /ALL option to scan all files.
Also set the action to Disinfect/Query.
Let F-Prot disinfect the files.

F-PROT 2.22 scan does detect and disinfect it!
VIRSTOP does NOT detect it.
It DOES not just infect files with the .EXE extension!

If you run RA and it is infected it will abort saying please register.
If RA is affected you will have to replace RA.EXE (and maybe RA.OVR).

For more info read the FIDONET.VIR enclosed with messages on Burglar.

Call me at Dark Shadows if you got any problems.
You can get all the latest anti-virus software from Dark Shadows
 *[yeah but you'll have to wait till 10pm before it opens and hope no one
else is online at that time, just get it any time of the day from TFR
- aSSauLT]*  as free downloads!

cyer

Ti/\/\E Ba/\/DiT
16-04-96


PS. Dark Shadows is back up running cause it has the best Anti-Virus
protection available which caught it before any serious damage was done.
All files are clean and the situation has been contained :)

---
[woopie doo! eh? -aSSauLT]
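
---

Added example (not written by aSSauLT or Time Bandit): the notice above puts
a listing of the infected files next to a catalogue of an uninfected zip "for
comparison". The Python below does that comparison mechanically, using only
the sizes printed in those two listings. The function names are made up for
this example, and treating "same growth in unrelated executables" as a sign
of an appended virus body is a heuristic, not proof.

```python
import re

# Sizes exactly as printed in the two listings on this page.
SUSPECT_LISTING = """\
HOUZE95.EXE      10773     10139  Deflated   1995/07/31 22:11  1C6D8324
TETTEN.EXE        6120      5904  Deflated   1995/08/19 21:31  BACD9EB9
"""
CLEAN_LISTING = """\
FILE_ID .DIZ      392 .a.. 16-03-96 10:53:06 pm
HOSTESS .TXT    4,390 .a.. 03-07-95  7:42:38 pm
HOUZE95 .EXE    9,623 .a.. 31-07-95 10:10:14 pm
K-E-W-L .HPA       75 .a.. 15-04-96  3:47:08 am
MCC     .WHQ      704 .a.. 21-03-96 10:39:26 pm
TETTEN  .EXE    4,970 .a.. 19-08-95  9:31:16 pm
UCF96   .COM   16,022 .a.. 16-03-96 11:01:46 pm
UCF96   .NFO   15,855 .a.. 16-03-96 11:01:06 pm
"""

# 8.3 name (possibly space-padded before the dot), then the uncompressed size.
ENTRY = re.compile(r"^\s*([A-Z0-9_\-]+)\s*\.([A-Z0-9]{1,3})\s+([\d,]+)\b", re.I)

def parse_listing(text):
    """Return {NAME.EXT: uncompressed size} for either listing layout."""
    sizes = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            sizes[f"{m.group(1)}.{m.group(2)}".upper()] = int(m.group(3).replace(",", ""))
    return sizes

def size_deltas(clean, suspect):
    """Byte growth for files present in both listings whose sizes differ."""
    return {n: suspect[n] - clean[n]
            for n in suspect if n in clean and suspect[n] != clean[n]}

def uniform_growth(deltas):
    """Common growth if two or more files grew by one identical positive amount."""
    values = set(deltas.values())
    if len(deltas) >= 2 and len(values) == 1 and min(values) > 0:
        return values.pop()
    return None

if __name__ == "__main__":
    deltas = size_deltas(parse_listing(CLEAN_LISTING), parse_listing(SUSPECT_LISTING))
    for name, grown in sorted(deltas.items()):
        print(f"{name}: +{grown} bytes")
    print("uniform growth:", uniform_growth(deltas))
```

Both executables come out 1150 bytes larger than their clean copies, which
is why the size check alone is enough to single them out here.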



