CONCH-L Archives

Conchologists List

CONCH-L@LISTSERV.UGA.EDU

Content-Transfer-Encoding: 7bit
Sender: Conchologists of America List <[log in to unmask]>
Subject:
From: ferreter <[log in to unmask]>
Date: Sun, 29 Aug 1999 02:44:54 -0000
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Reply-To: Conchologists of America List <[log in to unmask]>
Parts/Attachments: text/plain (78 lines)

My reply was created directly from Paul's reply to "where are we headed". I
seriously doubt either was a virus, but good heads-up play there, Sylvia.
Will check my system and see if I can find the file. It really looks like a
Japanese translation file though. Without an attached file it would have
been a dead virus anyway. Remember, people, only attached files
kill!

-----Original Message-----
From: Sylvia S. Edwards <[log in to unmask]>
To: [log in to unmask] <[log in to unmask]>
Date: Saturday, August 28, 1999 5:56 PM
Subject: Where are we headed


>I received two e-mails via Conch-L this morning that are suspect as
>containing a virus.  The first was from [log in to unmask], 8/28 received by my
>ISP at 9:51 AM CDT.  The second was an answer to the first and was from
>[log in to unmask], 8/28, received 10:01AM CDT.
>
>When I opened the first of these e-mails, a box popped up saying it wanted
>to install a "Japanese Text Display Support" program of 27MB, time approx
>23 minutes.
>
>I quickly deleted it.  Then when I opened the second of these e-mails, the
>box popped up again, and attempted to start installation.  I quickly
>deleted it.  I went to my deleted file to the first one and found the box
>was greyed out that said never install these kinds of programs.
>
>Neither e-mail showed it had an attachment, and I feel neither were aware
>they were sending it.  I went to housecall virus center and had my disk
>scanned.  No virus showed up, but I am not certain it scans the deleted
>e-mail file.
>
>Currently, the most prevalent virus is one that attacks word processing
>programs.  It comes under various names.  I am pasting some information
>about them.
>
>I just wanted to warn Conch-L subscribers to be careful and not download a
>program not mentioned in the e-mail.
>
>Sylvia S. Edwards
>Huntsville, Alabama
>[log in to unmask]
>
>Virus Name: W97M_TRIPLICATE
>Alias: TRIPLICATE, TRISTATE
>Virus Type: Macro
>Platform: Windows
>Number of Macros: 3
>Encrypted: No
>Size of Macro: 5608 bytes
>Seen in the Wild: Yes
>Detected by Scan Engine#: 2.062 or later
>Detected by Pattern File#: 518 or later
>Details: TRIPLICATE is a macro virus that can cross-infect MS WORD 97, MS
>EXCEL 97, and MS POWERPOINT 97 applications.
>In whichever application the virus is activated, be it from a Word
>document, an Excel spreadsheet/workbook or from a PowerPoint slide, the
>virus will cross-infect.
>- Crossing to MS-EXCEL: The virus searches for BOOK1.XLS in the MS Excel
>Startup directory. If not present the virus creates an infected workbook in
>the same directory and also disables the macro virus protection of Excel.
>The virus resides in the THISWORKBOOK stream of infected Excel
>spreadsheet/workbook.
>- Crossing to MS-WORD: For Word infections, the virus will check if its
>codes are present in the "ThisDocument" Stream of the Global Template
>(NORMAL.DOT). If not it will infect the global template and disable the
>macro virus protection of Word.
>- Crossing to MS-POWERPOINT: If there is no "Triplicate" module in "Blank
>Presentation.POT" PowerPoint Template, the virus will disable the macro
>virus protection of PowerPoint. It adds a viral module called "Triplicate"
>into "Blank Presentation.POT" and a basic AutoShape object that covers the
>entire slide. The viral module is linked to the AutoShape object.
>
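
Added example, not part of either message or of the pasted advisory: a read-only triage sketch in Python that walks a folder tree and reports the three files the advisory names as infection targets (BOOK1.XLS in the Excel Startup directory, NORMAL.DOT, Blank Presentation.pot). The XLSTART folder name, the function names and the optional known-good hash baseline are assumptions of this example; a hit is a reason to inspect the file, not proof of infection.

```python
import hashlib
import os
import sys

# Names taken from the advisory quoted above; compared case-insensitively
# because Windows file systems are case-insensitive.
STARTUP_DIR = "xlstart"   # assumption: folder name of Excel's Startup directory
DROPPED = "book1.xls"     # workbook the advisory says is created there
TEMPLATES = {"normal.dot", "blank presentation.pot"}


def sha256_of(path):
    """Hash a file in chunks so large templates are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(root, baseline=None):
    """Walk root and return sorted (path, finding) pairs.

    baseline (hypothetical input): {lower-case file name: known-good sha256}.
    """
    baseline = baseline or {}
    findings = []
    for folder, _dirs, files in os.walk(root):
        in_startup = os.path.basename(folder).lower() == STARTUP_DIR
        for name in files:
            key, path = name.lower(), os.path.join(folder, name)
            if key == DROPPED and in_startup:
                findings.append((path, "workbook in Excel startup folder"))
            elif key in TEMPLATES:
                actual, good = sha256_of(path), baseline.get(key)
                if good is None:
                    findings.append((path, "template, no baseline: " + actual))
                elif actual != good:
                    findings.append((path, "template differs from baseline"))
    return sorted(findings)


if __name__ == "__main__":
    for found_path, finding in triage(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding + ": " + found_path)
```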
