CLP_WOW.exe Virus:
        ------------------

        The warning that a destroyerfile called "CLP_WOW.exe" is in
        circulation appeared 21.12.1993. I started searching for this
        virus like hell. But I did not find it on the german systems.

        On the 24.12.1993. at 21.00 o`clock I found a file called
        "clpvirus.txt" on a fast german BBS system. The file came from
        the USA (Planet X) and contained a complete dissassembly of
        the virus and a warning.

        A big sorry to all friends, who I nerved with always calling
        and asking for this virus.

        The sourcecode was complete and so I assembled it with 4
        assemblers (OMA 2.05 (opt,nonopt) ASM-ONE (opt,nonopt)) and
        included the recognition routines for this virus.

        I hope that the original file will be recognized. Due to the
        case that the whole source was in this file, it`s very possible
        that clones appear.

        Inner workings of this virus:
        -----------------------------

        The S: directory will be scannned and all files will be loaded.
        Then the loaded will be overwritten (ca. the first 200 bytes)
        by a lame text and  the file will be written back. No rescue
        for executable files is possible.

        Another point: The virus is so buggy that it crashes at all  of
        my systems and  no danger is caused. The  LAMERS  made  several
        mistakes.


        This file seems to be spread together with the archive
        "bullet.lha".




        At the end of the file can be read:


        "Isn't CUTE LITTLE PONNIES just a nice group!?... hahahaha!"
        "   Fuck off... Next time we will be even MORE nice...     "
        "   MONO oF CUTE LITTLE PONNIES! HAHAHAHAH!             Oups."
        ".. Hope we didn''t destroy any valuable configs in ure "
        "S-drawer... ahahhHHAHAHAHAHH!!!!!!!       Ok, have fun, anbd"
        " don''t 4get to call again!  HAHA! '



        Comment 29.12.1993.:
        --------------------

        A cracked version of /X 3.19 appeared on the boards. This version
        was cracked by Mono of Cute little Ponnies. Same name. I saw a
        warning that this /X release contain a backdoor.




        NOTE to the man who dissassembled this virus:
        ---------------------------------------------

        Never spread a complete sourcecode of a virus ! Some lame guys
        could assemble and spread the file again. You are right if you
        say that this virus is VERY lame coded but the damage is too
        big....If you have the original virusfile, I would be happy, if
        you could send it to me. Or upload it to one of TRSi`s Boards
        and ask the Sysop to post it to me....




        I have tried to start the new assembled files, but the programm
        failed.

        Comment 12.03.1994: A lot of such based programms have serious
        problems.



        Test by Markus Schmall....

[Go back]