
[Fwd: Urgent Virus Warning - Hare Virus]



>>>Please pardon any duplicate messages you may receive - this message is being
>>>forwarded to many lists.
>>>
>>>Melissa Whalen
>>>MOREnet User Services
>>>
>>>
>>>>Date:         Tue, 20 Aug 96 20:42:58 CDT
>>>>From: Gerry Novak <CCGERRY@MIZZOU1.missouri.edu>
>>>>Organization: Campus Computing - University of Missouri - Columbia
>>>>Subject:      Urgent Virus Warning - Hare Virus
>>>>To: Linda Canestraight <CCLINDA@MUCCMAIL.MISSOURI.EDU>
>>>>
>>>>
>>>>You have until midnight Wednesday to check for this nasty virus!
>>>>This is *** NOT *** a hoax (like "good times")
>>>>This WILL scramble the contents of a hard disk.
>>>>
>>>>This is one of the FEW viruses successfully spread via
>>>>the Internet (USENET news groups).  Once on a computer,
>>>>it spreads via Executable files (i.e. file server) AND
>>>>via floppy diskettes (BOTH bootable and DATA diskettes).
>>>>
>>>>Hare delivers its destructive payload Aug 22 and Sept 22.
>>>>
>>>>Sorry for the late notice, until I did some deep reading, I did
>>>>not realize just how far this beast had spread.  Also, much
>>>>to my surprise, F-PROT 2.23a WILL _NOT_ DETECT THIS!  :-(
>>>>
>>>>Repeat:  You have until Wednesday MIDNIGHT to find this!
>>>>
>>>>The virus detector: F-Hare is available at:
>>>>
>>>>      ftp://ftp.datafellows.com/pub/f-prot/tools/f-hare15.zip
>>>>
>>>>- - - - - - -
>>>>F-HARE - Scanner and disinfector for the Hare viruses
>>>>Copyright (c) 1996 Data Fellows Ltd
>>>>
>>>>OVERVIEW
>>>>
>>>>F-HARE will detect and disinfect the three known variants of the
>>>>Hare virus (also known as HDEuthanasia and Krsna). This document
>>>>gives a brief description of the Hare virus and explains how to
>>>>use F-HARE to detect and disinfect this virus.
>>>>
>>>>ABOUT THE HARE VIRUS
>>>>
>>>>Hare is one of an increasing number of viruses distributed via
>>>>the Internet, in the form of posts to Usenet News. On the 22nd of
>>>>August and the 22nd of September, members of the Hare virus
>>>>family will trigger, attempting to overwrite hard disks and floppy
>>>>disks in drives A: and B:.
>>>>
>>>>Hare is a polymorphic, stealth, multi-partite virus. It is
>>>>memory-resident and infects .COM and .EXE files, MBRs of hard
>>>>disks, and floppy disk boot sectors. It is Windows 95 aware,
>>>>enabling it to infect both files and the boot sectors of floppy
>>>>disks used from Windows 95.
>>>>
>>>>Known variants are Hare.7610, Hare.7750 and Hare.7786
>>>>
>>>>SYMPTOMS
>>>>
>>>>The symptoms of the Hare virus vary; under certain circumstances,
>>>>it can render the fixed disk unbootable, or hide the DOS
>>>>partitions if the system is booted from a clean system disk; it
>>>>attempts to hide its changes to the length of infected files.
>>>>Alternately, there may be no visible effect until the virus
>>>>triggers. Since the symptoms can vary, it is recommended that
>>>>suspect PCs be scanned using the F-HARE utility.
>>>>
>>>>HOW TO USE F-HARE:
>>>>
>>>>Run F-HARE with the drive letter or directory as a parameter. For
>>>>example:
>>>>
>>>>        F-HARE C:
>>>>        F-HARE Z:\USERS
>>>>
>>>>F-HARE will first check memory and will tell you if the Hare
>>>>virus is resident:
>>>>
>>>>              "Scanning for Hare in memory - Infected!"
>>>>
>>>>If you find the Hare virus in memory, please reboot your computer
>>>>from a clean write-protected system floppy diskette. This will
>>>>ensure that the Hare virus is not in memory.
>>>>
>>>>Type F-HARE <drive parameter> to determine if your Master Boot
>>>>Record or any files are infected with the virus. If F-HARE finds
>>>>the virus, you will be notified. Then, type F-HARE <drive
>>>>parameter> /disinf.
>>>>
>>>>F-HARE will disinfect your Master Boot Record and infected files.
>>>>
>>>>As detailed above, it is possible in some cases for the Hare
>>>>virus to cause the DOS partition to be inaccessible when booted
>>>>from a clean system disk. Do not worry; if this occurs, F-HARE
>>>>can still remove the virus from both your hard disk and from any
>>>>infected files.
>>>>
>>>>If F-HARE has found the HARE virus in your MBR, but you cannot
>>>>see the DOS partition of your fixed disk after booting from a
>>>>floppy disk, take the following steps to disinfect your machine
>>>>fully:
>>>>
>>>>1. Make sure you have booted from a clean write-protected system
>>>>   floppy diskette.
>>>>
>>>>2. Type F-HARE c: /disinf
>>>>
>>>>   F-HARE will remove the virus from the Master Boot Record.
>>>>
>>>>   After the virus is removed from the Master Boot Record, you will
>>>>   see the message "virus removed" followed by the message "No hard
>>>>   disk found".
>>>>
>>>>3. Simply reboot your computer again, from the clean write-protected
>>>>   floppy system diskette. You will now be able to see the C: drive.
>>>>   Once you can see it (by typing dir c:), type F-HARE c: /disinf to
>>>>   clean the virus from any files which may have become infected.
>>>>
>>>>
>>>>WHAT ABOUT FLOPPIES?
>>>>
>>>>Since Hare can infect floppy diskettes, you will want to scan
>>>>your floppy diskettes as well. To do this, invoke F-HARE using
>>>>the /MULTI switch (e.g. F-HARE A: /MULTI).
>>>>
>>>>--
>>>>
>>>>Virus analysis based on information from Mikko Hypponen, Data
>>>>Fellows F-PROT Professional Support. F-HARE by Peter Szor, Data
>>>>Fellows F-PROT Professional Development. Documentation by Sarah
>>>>Gordon, Command Software F-PROT Professional Research and
>>>>Development.
>>>>
>>>>F-HARE is protected by international copyright laws. F-HARE is
>>>>(c) 1996 Data Fellows Ltd, and it is not in public domain or
>>>>freeware, but you are free to use and share this software with no
>>>>charges in non-commercial private use. Use of this software in
>>>>other environments is not allowed in Europe, Asia and Africa
>>>>without a license to F-PROT Professional or a current license
>>>>from Frisk Software International. To purchase a license, contact
>>>>your local distributor listed in PRO.DOC. Please redistribute
>>>>F-HARE only with this documentation. You are not allowed to
>>>>resell this software for your own profit (normal copying costs
>>>>excluded) or claim to hold rights to this software. Although you
>>>>may have the right to use F-HARE, it will remain the exclusive
>>>>property of Data Fellows. Data Fellows does not warrant that the
>>>>software is error free and we will not cover any costs created by
>>>>function or malfunction of this program. Data Fellows also
>>>>disclaims liability for possible consequential damages. If you
>>>>cannot agree to these restrictions, you should not use F-HARE.
>>>>
>>>>Copyright (c) 1996 Data Fellows Ltd, Finland
>>>>
>>>>                 Data Fellows Ltd
>>>>                 Paivantaite 8
>>>>                 FIN-02210 ESPOO
>>>>                 FINLAND
>>>>                 tel:    +358-0-478 444
>>>>                 fax:    +358-0-478 44 599
>>>>                 e-mail: F-PROT-Support@DataFellows.com
>>>>                 www:    http://www.DataFellows.com/
>>>>
>>>>
>>>>- = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = -
>>>>- - Gerry D. Novak    (573) 882-2000     ccgerry@mizzou1.missouri.edu
>>>>- - SLIP, Procomm, MS-DOS & Windows 2nd level support for MU HelpDesk
>>>>
>>>>
>>>
>>>
>>
>>
>>Attachment Converted: C:\TEMP\f-hare15.zip
>>
>-----------------------------------------------------------------------------------
>Allen Gathman
>Biology Department MS 6200
>Southeast Missouri State University
>Cape Girardeau MO 63701
>http://biology.semo.edu
>Phone (314) 651-2361
>Fax (314) 651-2223
>
>
Dr. Peter D. Roopnarine
Department of Biology
Southeast Missouri State University
Cape Girardeau MO 63701
email:proopnar@biology.semo.edu
web:http://biology.semo.edu


Dr. Kim Driver
Dept. of Biology
Southeast Missouri State University
One University Plaza
M/S 6200
Cape Girardeau   MO   63701
e-mail kdriver@biology.semo.edu
web http://biology.semo.edu