Anti-virus software developer Sophos reports the detection of the latest Trojan, Trojan.Futs, that is designed to integrate with Novell Netware. When executed, the Trojan presents the user with a screen containing various options. These include filling the local hard disk, erasing the CMOS memory, deleting all files on the local hard disk, causing the NetWare server to beep constantly, making various NetWare queries or activating a multi-user chat system.
The Trojan includes a "boss screen" option, which pops up a fake Borland Pascal 7.0 window. Troj.Futs also has an option to drop the BW-770-b* DOS executable file virus. *BW-770-b is a DOS executable file virus that when executed, infects COM and EXE files in the current directory, increasing their length by 770 bytes.
Occasionally the virus displays the message: "Don't be a fool, fuck the school", attempts to format the hard drive, or causes the computer to beep constantly until it is rebooted.
The virus was written with the Biological Warfare virus construction kit.
Disinfection & Removal
Allow F-Secure Anti-Virus to disinfect the relevant files.
For more general information on disinfection, please see Removal Instructions.
Technical Details: Kaspersky Labs; May 2001