WITH GREAT APOLOGIES FOR ANY AND ALL CROSS-POSTINGS.
This message was originally posted to a list and one of my co-workers
asked me about it. I had her forward it to Indiana University's gurus,
and they've validated the warning and added some extra info. Their e-mail
address is at the end of the message if you have further questions.
Cindy Ballard
Assistant Acquisitions Editor
Indiana University Press
(812) 855-8699
- - - - - - - - - - - -
| [log in to unmask] |
- - - - - - - - - - - -
---------- Forwarded message ----------
Date: Thu, 30 May 1996 17:22:41 -0500 (EST)
From: Support Center IMU M084 5-6789 M-F 8-5 <[log in to unmask]>
Subject: Re: virus (fwd)
**** Our reply is at the end of this message. ****
---- Message 1/2: Your original note ----
Subject: NEW VIRUS!
Importance: High
ATTENTION FOLKS!!
A new Windows virus has been reported.. It is called the "Tentacle" virus.
It apparently originated from the internet on the alt.cracks newsgroup,
attached to a posted file called DOGZCODE.ZIP. It is a direct action
virus which infects Windows programs. Each time an infected program is
run, one file in the current directory becomes infected, followed by two
files in the Windows directory. The payload acts between midnight and
quarter past midnight.
A program that becomes infected within this time has it's standard icon
changed to an icon of a tentacle. This change is not immediately obvious.
It is not until you attempt to change the icon, delete icons in the
program group and attempt to replace them, or if you run and minimize the
program that the tentacle icon will display itself. It is not know as of
now whether the IBM Anti-virus program will detect (or clean) this virus.
We are attempting to confirm this now.
PLEASE DO NOT OPEN ANY FILE NAMED DOGZCODE.ZIP!!
---- Message 2/2: Reply from ucshelp ----
Hello,
Yes, this is a real virus that is floating around. Here is some
additional information from the symantec website (they produce some pretty
good anti virus software). Like any virus, you would only be at risk to
get it if you download executable software from Internet sites or public
computers and run them on your computer without any safety precautions.
TENTACLE
Aliases: none
Infection Length: 1,958 bytes
Area of Infection: Windows 3.1 .EXE Files
Likelihood: Common
Region Reported: US, UK, and Germany
Keys: Direct Infector, Windows 3.1
_________________________________________________________________
Technical Notes:
The Tentacle virus is one of the first viruses to specifically target
Windows executable files. This only infects programs written for
16-bit versions of Windows by direct infection. It does not go memory
resident - it loads, infects other files, and passes control back to
the host file.
Tentacle contains no destructive payload. It only reproduces by
infecting other files.
Tentacle first attempts to infect files in the directory where the
host file is run from. After it has attempted to infect files in that
directory, it attempts to infect files in the Windows directory.
This virus will only infect files with the extension .EXE which are
true 16-bit Windows executable files (Windows 3.11 and earlier
versions). The Tentacle virus infects almost all NE files it finds.
Tentacle contains the following text approximately 1,950 bytes from
the end of an infected file, although it is never displayed:
C:\TENTACLE.$$$
C:\WINDOWS\*.
The Symantec AntiVirus Research Center would like to emphasize the
following:
* Currently, several of our customers have reported being infected
with the Tentacle virus.
* At this time, it is considered in general distribution by the
anti-virus community.
-------------------------------------------------------
Please contact us if you have additional questions or need assistance.
Dan
UCS Support Center, Electronic Mail Consulting
When you have an urgent question please feel free to call us at
(812) 855-6789, M-F 8am-5pm. You can also make an appointment
to meet with a consultant at IMU M084 M-F 8am-5pm, or arrange for
an Office Call by calling the number listed above.
|