PROBLEM: A Trojan Horse program called AOL4FREE.COM that deletes all files on a hard drive is circulating on the Internet.
PLATFORM: DOS/Windows-based PCs
DAMAGE: When the AOL4FREE.COM program is executed, all files and directories on the user's C: drive are deleted.
SOLUTION: DO NOT execute this program. If the program starts executing, quickly pressing Ctrl-C will save some of your files.
VULNERABILITY ASSESSMENT: Users who download the trojaned AOL4FREE.COM program and execute it will destroy all the files and directories on their DOS C: drive.
CIAC has obtained a Trojaned copy of AOL4FREE.COM that destroys hard drives.
CIAC has obtained a Trojaned copy of the AOL4FREE.COM program that, if run,
deletes all the files on a user's hard drive. If you are e-mailed this file,
or if you have downloaded it from an online service, do not attempt to run it.
If the program was received as an attachment to an e-mail message, do not
double click (open) it. Opening an attached program runs that program, which
in this case deletes all the files on your hard drive. The original
AOL4FREE.COM was a program for fraudulently creating free AOL (America Online)
accounts. Note that any attempt to use the original AOL4FREE.COM program may
subject you to prosecution.
NOTE: Most antivirus programs will not detect this or other Trojan Horse programs.
Compiled by BAT2EXEC 1.5 PC Magazine . Douglas Boling

Note that this text may appear in any program compiled with the BAT2EXEC program and has nothing to do with the Trojan Horse.
If you open the AOL4FREE.COM file with a disk editor or with the Windows Notepad program, the following text is found at the end of the second sector of the file:
PATH COMMANDC earc /C C: /C CD\ DELTREE /y *.* ECHO YOUR COMPUTER HAS JUST BEEN FUCKED BY *VP* FUCK YOU AOL-LAMER
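A string-triage check for the two markers described above, as an added example that is not part of the CIAC bulletin. The function name `triage`, the verdict labels and the sample byte strings are constructed for illustration, and the code assumes the command and its arguments may be separated by non-text bytes inside the compiled file.

```python
import re

SECTOR = 512  # bytes per sector; the advisory locates text by sector
BANNER = b"Compiled by BAT2EXEC"  # compiler banner quoted in the advisory
# Command quoted in the advisory: DELTREE with /y (no confirmation) on *.*
DESTRUCTIVE = re.compile(rb"DELTREE\s+/Y\s+\*\.\*", re.IGNORECASE)
# Map every non-printable byte to a space so offsets are preserved and
# a command split from its arguments by binary bytes still matches
# (that such splitting occurs is an assumption).
TO_TEXT = bytes(b if 0x20 <= b <= 0x7E else 0x20 for b in range(256))


def triage(data: bytes) -> dict:
    """Classify a file image by the embedded strings the advisory describes."""
    text = data.translate(TO_TEXT)
    hits = [
        {"sector": m.start() // SECTOR + 1, "offset": m.start(),
         "text": " ".join(m.group().decode("ascii").split())}
        for m in DESTRUCTIVE.finditer(text)
    ]
    banner = BANNER in data
    if hits:
        verdict = "destructive-batch"   # do not run; quarantine for analysis
    elif banner:
        verdict = "bat2exec-only"       # compiled batch file, not proof of a Trojan
    else:
        verdict = "no-match"
    return {"verdict": verdict, "bat2exec": banner, "hits": hits}


# Constructed samples (inert byte strings, not real program images).
_CMD = b"DELTREE\x00/y *.*"
SAMPLE_SUSPECT = (b"\x00" * 8 + BANNER + b" 1.5").ljust(2 * SECTOR - len(_CMD), b"\x00") + _CMD
SAMPLE_BENIGN = b"\x00" * 8 + BANNER + b" 1.5" + b"\x00" * 64 + b"ECHO Hello"
SAMPLE_OTHER = b"\x00" * 1024

if __name__ == "__main__":
    for name, blob in [("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN),
                       ("other", SAMPLE_OTHER)]:
        print(name, triage(blob))
```

The banner alone yields `bat2exec-only`, matching the bulletin's point that the BAT2EXEC text appears in any program built with that compiler.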
While attempting to recover files, be sure to not write any new files onto the hard disk as the new files may overwrite the contents of a deleted file, making it impossible to recover. You will probably have to boot your system with a floppy and run any recovery programs from there.
If you happen to have one of the delete tracking programs installed on your system (a program that keeps track of deleted files in case you want them back), the recovery operation will be relatively simple. Follow the directions in your delete tracking program to recover your files. If not, you will probably have to recover each file individually, supplying the first character of the file name, which is overwritten in the directory when the file is deleted. Most DOS/Windows disk tools programs also have the capability for recovering deleted files, so follow the directions included with those programs to do so.
An e-mail message was recently circulating on the Internet that warned of an AOL4FREE virus, but that warning is either a hoax or a badly misunderstood description of this Trojan Horse.
CIAC still affirms that reading an e-mail message, even one with an attached program, cannot do damage to a system. The attachment must be both downloaded onto the system and run to do any damage.