Warning to all:
----------------
Packing type: Turbo Squeezer
The archive "hackt.lha" contains a fucking CONMAN trojan! The archive
contains the file Hackt.exe, which is Turbo Squeezed.
packed: 12692 Bytes
unpacked: 12312 Bytes
It installs a new process with the name CLI(0):console.device and
writes a new file called C:Iprefs. This Iprefs is packed several
times and uses the 4eb9 linker method to unlink some strange stuff.
packed: 10820 Bytes
unpacked: 14216 Bytes
The file itself contains a very old IPrefs and a destructive virus,
again packed, from a guy called CONMAN. It will try to destroy
many sectors by filling them with the word "CONMAN 1995". There is
no rescue for such sectors.
Because there is no viruskiller for this bastard, it is best for
infected users to do the following: boot from the original WB disks
and simply copy a new IPREFS to your HD, and it should work again!
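To see which sectors are already lost before restoring anything, the marker string described above can be searched for in a raw image of the disk. The following is an added example, not part of the original warning or any viruskiller: the 512-byte sector size, the 0.8 fill threshold, the fill layout in the test image and all function names are assumptions made for illustration.

```python
"""Damage check for a raw disk image: which sectors were overwritten with the marker?"""

MARKER = b"CONMAN 1995"   # string the warning says destroyed sectors are filled with
SECTOR_SIZE = 512         # assumption: standard Amiga trackdisk/HD block size


def classify_sectors(image, marker=MARKER, sector_size=SECTOR_SIZE, fill_ratio=0.8):
    """Return (filled, mentions): sector numbers mostly covered by the marker,
    and sector numbers that only contain it somewhere (e.g. inside a file)."""
    filled, mentions = [], []
    for offset in range(0, len(image), sector_size):
        sector = image[offset:offset + sector_size]
        hits = sector.count(marker)          # non-overlapping occurrences
        if hits == 0:
            continue
        covered = hits * len(marker) / len(sector)
        (filled if covered >= fill_ratio else mentions).append(offset // sector_size)
    return filled, mentions


def to_ranges(sectors):
    """Collapse sorted sector numbers into inclusive (first, last) runs."""
    ranges = []
    for n in sectors:
        if ranges and n == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], n)
        else:
            ranges.append((n, n))
    return ranges


def build_sample_image():
    """Constructed 8-sector test image, not data from a real infected disk."""
    blank = bytes(SECTOR_SIZE)
    pattern = MARKER + b" "   # assumed fill layout; the real separator is unknown
    wiped = (pattern * (SECTOR_SIZE // len(pattern) + 1))[:SECTOR_SIZE]
    carrier = b"\x00" * 100 + MARKER + b"\x00" * (SECTOR_SIZE - 100 - len(MARKER))
    return b"".join([blank, carrier, blank, wiped, wiped, wiped, blank, wiped])


if __name__ == "__main__":
    filled, mentions = classify_sectors(build_sample_image())
    print("overwritten sector runs:", to_ranges(filled))
    print("marker present but sector intact:", mentions)
```

Sectors reported as "mentions" hold the string only once or twice, which is what a copy of the trojan file itself looks like on disk, so they point at the carrier rather than at destroyed data.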
The ConMan viruses were mostly BBS hackers, now this guy has reached a
new dimension. Yesterday I got a phone call from an irritated user
(someone of Krypton or so?) and he told me about his file. He got
it from a BBS in Berlin, which is thought to be the home
of CONMAN. This guy told me that he had downloaded it around 6.4.1995,
so this virus is in the wild.
Sorry for this short analysis, I just got the thing packed in a
warning from RD10/Osiris (NEVER SPREAD THE VIRUS IN A WARNING, MAN!
IF YOU WANT TO DO SOMETHING GOOD, THEN DON'T SPREAD IT IN THIS
WAY!) and wanted to give you more information than RD10. It is
the weekend for me now, too, and I want to go to a party, so wait for
the first viruskillers to recognize this bastard.
Greets
Flake (Markus Schmall)