echo: os2user-l
to: All
from: Andy Willis
date: 2004-04-19 21:10:36
subject: Re: A worrying thought using OS/2-eCS

Mike O'Connor wrote:

>Hi All,
>
>About 12 hours ago, I had a disturbing experience - the exact origins of 
>which I don't know.   At the time I had been online continuously for 
>about 9 hours or so - when I luckily just *happened* to check my Trash 
>Can contents. 
>
>I had been having a progressive slowing of this eCS 1.0 system, things 
>weren't refreshing at the normal [constant] speed.  This occurred after 
>I received a bunch of messages with attached virii - the *wait* pointer 
>was *active* whenever it was anywhere over the inbox message pane in IBM 
>WB 2.01. None of the messages was large - about double usual list 
>message size - probably the only large one was about 42KB, which sounds 
>like a Bagle-variant.
>
>When I opened the Trash Can, you can imagine my surprise when I found 
>~1.5GB of directories in there, including the \WINNT tree from W2KP. I 
>normally have the TC set to be emptied on shutdown - well I've changed 
>*that* option, along with some others to prevent disaster striking via 
>that route.
>
>So I'm wondering whether someone has come up with some malware that's 
>either Java or REXX based?
>
>I shut down [powered-off] and booted into another partition, eCS 1.13 and 
>ran Norman AV against all drives - took 144 minutes to check 259,000 
>files, a heck of a lot of those inside the .jar files and a multitude of 
>zips, including the Goldencode ones twice!
>
>A lot of [non-compressed!] plain-text files were mis-identified as being 
>archives and some DOD DLLs were supposedly "damaged" and W4 FDISK.COM 
>[>64KB size] was NOT checked!  No infection was found.
>
>Now I know that *I* didn't delete those directory trees, that would have 
>been the last thing I'd ever do,  and I don't have any junk in my 
>os2*.ini files either, and I don't have any sticky-keys activated which 
>could have left some previous selection active - so what happened ?
>
>  
>
I had a message on my screen the other day saying it could not delete 
{at}rootdir I could only say ok to and then I got another that said it 
could not delete autoexec.bat, at this point I started looking for 
anything that might be deleting something but couldn't find anything.  
Nothing further came up and no files went missing but it was a bit 
disturbing.  Don't know if there is any type of correlation with what you 
had happen or not but it does strike a chord.  I may have to get Norman 
AV though.
Andy




---
* Origin: Waldo's Place USA Internet Gateway (1:3634/1000)
SEEN-BY: 633/267 270
@PATH: 3634/1000 12 106/2000 633/267

SOURCE: echomail via fidonet.ozzmosis.com
