Virus Warning - Virus Help Team

VIRUS HELP TEAM
Denmark & Canada



Conman Trojan

      Warning to all :
      ----------------

      Packing type: Turbo Squeezer

      The archiv "hackt.lha" contains a fucking CONMAN trojan ! The archiv
      contains the file Hackt.exe, which is Turbo Squeezed.

      packed:   12692 Bytes
      unpacked: 12312 Bytes

      It installs a new process with the name CLI(0):console.device and
      writes a new file called C:Iprefs. This Iprefs is packed several
      times and uses the 4eb9 linker method to unlink some strange stuff.

      packed:    10820 Bytes
      unpacked:  14216 Bytes

      The file itself contains an very old IPrefs and an, again packed,
      destructive virus from a guy called CONMAN. It will try to destroy
      many sectors by filling them with the word "CONMAN 1995". There is
      no rescue for such sectors.

      Due to no viruskiller for this bastard it is best for the infected
      users to do the following: Boot from the orginal WB disks and
      simply copy a new IPREFS to your HD and it should work again !

      The ConMan viruses were mostly BBS hackers, now this guy reached a
      new dimension. I got yesterday a phonecall from an irritated user
      (someone of Krypton or so ?) and he told me about his file. He got
      it from a BBS in Berlin, which is thought to be the homeplace
      of CONMAN. This guy told me that he had downloaded it around 6.4.1995,
      so this virus is on the wild.

      Sorry for this short analysis, I just got the thing packed in a
      warning from RD10/Osiris (NEVER SPREAD THE VIRUS IN A WARNING MAN !
      IF YOU WANT TO DO SOMETHING GOOD, THEN DON`T SPREAD IT IN THIS
      WAY !) and wanted to give you some information than RD10. It is
      weekend for me now, too and I want to go to a party, so wait for
      the first viruskillers to recognize this bastard.


      Greets

            Flake (Markus Schmall)




Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht-dk.dk