-----BEGIN PGP SIGNED MESSAGE-----

.........................  VIRUS HELP DENMARK  .....................
                          --------------------
                            19 December 2000

 Hi All....


 Today we recived a new 'lame' trojan. This trojan will only execute
 it self if you have named your hard-disk "DH0" & "DH1".  The trojan
 is spread in  and archive with  the name "DKG-BLUM.LHA". If you run
 the  "DKG-BLUM.exe",  the trojan  will replace  your c:loadwb  with
 another loadwb (size: 3560 bytes) and replace c:assign with another
 assign (size: 2408 bytes),  and the screen will tell you that there
 is not enough memory,  and you will have  to restart, then it looks
 like the trojan will delete DH1:.
 The trojan also  adds or replaces 2 other files, "LIBS:asi.library"
 & "DEVS:ASI.device".

 The cure right now (If you have lost your DH1:  to bad......), then
 replace the trojan files with clean ones, here is the trojan sizes:

 c:loadwb         ( 3560 bytes)
 c:assign         ( 2408 bytes)
 libs:asi.library (24548 bytes - delete if you dont have clean file)
 devs:asi.device  ( 2408 bytes - delete if you dont have clean file)


 Here is some info about the infected archive:

 Virus Type.... : Trojan
 Archive name.. : dkg-blum.lha
 Archive size.. : 28.535 bytes (lha packet)


 This archive has been send to all the antivirus programers.....


 Thanx to Peter Gordon & Urban for the info and sending the archive
 to us........


   Regards....
      __          Jan Andersen          E-Mail..:  vht-dk@post4.tele.dk
 __  ///          ------------             FidoNet.:  2:237/38.100
 \\\///        Virus Help Denmark             AmyNet..: 39:140/127.100
  \XX/            www.vht-dk.dk                  VirNet..: 9:451/247.0

... Did you know, that the newest version of VirusExecutor is v2.08 !!



- -------------------------------------------------------
Archive has been checked and a .sig file has been added
so you can verify there was no tampering with the file
after placed on the server.  MD5SUMS and Readme PGP
signed by:

Charlene

  e-mail: ml-clm@mailandnews.com
  md5sum: ftp.vapor.com/pub/3rdparty/

[Start md5sum checksum file]-----------------------
b838932c5f1cc26e14d72486ad82a207 *file_id.diz
049c4afd282487dd231eb366638aa72d *VHT-DK.txt
88497f1fd7e59711db5b4949d1c7a3da *vht-dk92.txt
[End md5sum checksum file]-----------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv
Comment: Signed by Charlene, using PGPAmiga

iQCVAwUBOkA1ePrh//oWbqdVAQFYOgQAoht6qDAsSv45k0wRlMafl1sjuHnXSzJ4
D846wd8HpN9q2I4x5xaxcOnaTAqq6xHsaibt0CWAj8GS4Vmp0I7LLV9ddGApvKF7
Xn4DSHaWtKDwv4mr0Nul6stPiYKSjzNgRZ3dhcChZ80ZwFi559X6zwLqFvgvXHHX
FGpuyFW8URU=
=s5Yi
-----END PGP SIGNATURE-----