Forum Rules - Formats - Spotlights  -  Home - Library - New Additions

[PROBLEM] Windows 98 Memphis Build 1532 Beta 1

AnonymousAnonymous
edited September 2014 in Site Issues
I just ran a Microsoft Security Essentials full scan on my computer and it caught a file inside of the iso as malicious and that it infects other files. Just wanted to let y'all know.

It is this one: http://wdl2.winworldpc.com/Beta%20Opera ... .1532%20B1).7z

Happy New Year!
Charles

Comments

  • noonenoone
    Hmm. Confirmed.


    us8.jpg

    Appears to be a macro virus from the early 90's. The release notes for this beta is the infected file.

    Anyways some background:
    WordMacro/Wazzu consists of a single AutoOpen macro; this makes it language independent, ie. this macro virus is able to infect localized versions of Word as well as the english Word.

    Wazzu.A frequently modifies the contents of documents it infects, moving words around and inserting the text 'wazzu '. The word 'Wazzu' is reported to be a nickname for the Washington State University.

    Microsoft did accidentally spread the WordMacro/Wazzu virus several times during fall 1996:

    The September 1996 edition of the Microsoft SPCD (Solution Provider CD) had a single Word document infected with WordMacro/Wazzu.A. This CD was distributed internationally to Microsoft partners. The infected file on this CD is \sia\mktools\case\ed3905a.doc.

    Microsoft distributed Wazzu.A during the Swiss ORBIT conference on another CD called Letz Fetz on the Netz, in a document called hotl95d.doc.

    An infected document was available for download on Microsoft's WWW site in the http://www.microsoft.com/switzerland/de/Misc/ hierarchy for several days, possibly weeks.
    Basically from the looks of it, since this cd was likely packaged by MS themselves, they were the ones initially spreading that virus around. Someone unaware of that, isoed the file and since it's sat. Technically, as long as the release notes file is not opened, there shouldn't be an infection, but for now, I suggest people avoid downloading this file. (People won't likely be cautious.)

    Stitch/Duff/Kirk: Any ideas what we should do with this?
  • KirkKirk
    noone wrote:
    Stitch/Duff/Kirk: Any ideas what we should do with this?
    Personally I'd repackage the ISO and remove the virus. No reason for WinWorld to knowingly distribute potentially malicious files.
  • noonenoone
    Kirk wrote:
    noone wrote:
    Stitch/Duff/Kirk: Any ideas what we should do with this?
    Personally I'd repackage the ISO and remove the virus. No reason for WinWorld to knowingly distribute potentially malicious files.
    Yeah, should we remove the release notes file perhaps, or try to clone the file without the infection? Would require converting it to plain text and then back to .doc (messy, etc.). First would be my suggestion most likely.
  • BlueSunBlueSun
    Silly question, but since MSE is offering to clean the file, did you try that?
  • calvinbcalvinb
    Why not both?
  • noonenoone
    BlueSun wrote:
    Silly question, but since MSE is offering to clean the file, did you try that?
    "Cleaning" deletes the entire iso file. Totally useful option.
  • BlueSunBlueSun
    What about when you extract just the infected file? Does it just delete that file?
  • noonenoone
    Actually seems to work. I think I can fix the download tonight possibly.
  • stitchstitch
    I've made note of this on the new product page and created a new contribution for when a cleaned ISO is made available.

    We want to preserve what was likely originally shipped by Microsoft although we should also offer a clean alternative.
Sign In or Register to comment.