"Thomas Mueller" <[EMAIL PROTECTED]> wrote:
>from [EMAIL PROTECTED] (Howard Eisenberger):
>
>> I ran joke.exe in pure DOS once (it's a DOS program) and gave my
>> PC the Hubris virus which was recognized by F-Prot. Of course, it
>> is benign in DOS, since the way it works is to modify wsock32.dll.
>> I simply got rid of it with a warm reboot.
Correction: F-Prot merely finds the infected file on my hard drive.
|Scanning D:
|D:\WORK\JOKE.EXE Infection: W95/Hybris.worm.B
Running it in DOS doesn't do anything at all. It is not necessary
to reboot.
> What does joke.exe look like when it runs in pure DOS? I guess it did no damage
> to the boot sector or partition table? What happens when joke.exe can't play a
> joke on WSOCK32.DLL or the Windows Registry, because these don't exist?
Fortunately, nothing happens. I guess if it can't find WSOCK32.DLL,
it just exits. The way it spreads is described at McAfee.com (link
from www.sexyfun.net):
|The modified WSOCK32.DLL file watches all Internet activity and
|attempts to mail a copy of the worm, in the form of a .EXE or .SCR
|file, to any valid e-mail address sent over the Internet connection,
|whether part of an e-mail message, webpage, or newsgroup posting.
Howard E.
--
DOS TCP/IP * <URL:http://www.ncf.ca/~ag221/dosppp.html>