Mudcat Café message #346661

The Mudcat Café ^TM
Thread #28055 Message #346661
Posted By: Abby Sale
25-Nov-00 - 03:04 PM
Thread Name: A Virus named Bruce
Subject: A Virus named Bruce

Ah... 12 years on the 'net and my very first "Tell everyone you know."

I got virused to day by a feller named Bruce.

I am not knowledgeable on this but I'll just give you the best I got.

It came as 5 e-mails from Bruce ???crief?? and addressed to me and several others - each item differently. The subject line in each was the same as different executable e-mails I've received recently (FL_Ballot.exe, etc) Remarkably each had some 546 lines in the message.

Since this looked odd but had friendly Subjects, I saved to disk instead of launching direct from my Reader. I ran MacAfee Viruscan with definitions file 4.0.4099 (Nov 12, 2000) (and full heuristics) which showed then clean.

I manually launched one (FW_.exe, etc) & got zapped.

I use Win95-B and it put a command somewhere in my registry that almost any Windows program call _must_ be proceeded by using winsvrc.exe, which it can't find. A Windows-looking dialog asks its location. Of course it doesn't exist. I tried to fool it by creating an empty file _called_ winsvrc.exe in the root directory but then the virus simply claims that _none_ of my programs are Windows 95 programs and cannot be run. The desktop opened more or less normally & Windows Explorer (which had been open) worked ok but I could not run any significant or system program.

I'm a good backer-upper and wished to restore User.dat, (user.da0 is also corrupted by this wiseguy), and System.dat and System.ini and Win.ini (just to be sure - I don't know I need them all) But back-up is a windows-based program and won't work.

Finally, since I (cheerfully patting myself on the back with both hands and both feet) use Backup Version 6 from Win 3.95 (because it will _include_ selected files, not just _exclude_ them) I was able to drop to DOS and restore the 4 files.

I suffered no loss at all except about two hours of confusion.

Strongly recommend: Look out for e-mail of 546 or so lines Back up the 4 system files in such a way they can be restored in DOS eg Win 3.x Back-up or perhaps create a Safe folder (directory) & just copy them from \Windows to this. You'll need some DOS program that will deal with deleting, and copying files that are marked Read-only, System, and Hidden. (Norton Commander or FA.exe to change the characturists, eg.) Windows Explorer may work if you can get _it_ to work.

Have a nice day.