[comp.sys.mac] Informational Solicitation

reynhout@wpi.wpi.edu (D Andrew Reynhout) (12/21/89)

   (REPOST- my first elicited one reply by private mail, telling me that I
(a friend, actually) may have stumbled upon an undocumented virus)

   A friend of mine at Boston University recently discovered his System and
Finder trashed, and his HD renamed to "Virus by Virax" or similar.  (He was
explaining it over the phone, and I didn't get the spelling.)  He uses
VirusDetective, which tells him that his HD is clean, but there is undeniably
SOMETHING wrong somewhere.

   He reinstalled his system software from a backup, and all of the other
files seemed intact.  Everything ran smoothly...for a day or so.  Then the same
thing happened.  
   He's currently using his HD as a datadisk, and booting from a floppy, but
this is irritating and he wonders if someone might be able to point him in the
direction of having his HD restored to its previous working order.

   Upon inquiry, he stated that his roommate is computer-illiterate and would
not know the first thing about screwing his system over...had to ask.

   I know everyone's busy with WDEF...but an acknowledgement of existence would
make me a happy person.  He was more than slightly upset by this development,
having final papers and such due before break...  Which have now been taken
care of, but he would like at least a warning not to use the HD.  I would get
copies of the System/Finder in question, but it's not convenient, and I don't
want to find out that this is a well-documented and easily removed virus that
I, as a member of the MacCommunity, should know about.  I did send him
Disinfectant, that being the best virus removal program I have seen.  He used it,
but the problems recur.

   SO- let me know...

   BTW- Don't beat on me for this.  I'm a virus-neophyte.  My only experience
has been with nVIR and WDEF, both of which were nice and cleanly removed by
Disinfectant.  I've been using Vaccine since my brush with nVIR.  WDEF appeared
on some school-owned Mac IIs.

   Also BTW- No one ever talks about what the viruses were written to DO...if
they were not malicious, merely buggy, then what WERE they??  And what's to
prevent a clean virus from keeping itself hidden until it does what it was
written to do?  Of course, the various virus-protection programs will stop
any virus that propagates itself with documented and standard routines...my
understanding is that WDEF bypassed the protection at the expense of
compatibility, which is the only reason it was discovered in the first place.

   Andrew
-- 
  Andrew Reynhout   (Internet: reynhout@wpi.wpi.edu)

  "Maybe if we pretend this never happened, they'll all just...go away."
                                           - Laurie Anderson

wmcb@uncecs.edu (William C. Bauldry) (01/12/90)

Does anyone know if WDEF or another virus can cause the following
scenario:
GateKeeper vetoes an attempt to add FKEY 0 resource to the Desktop
file

An FKEY is a curious choice for viral code...

Bill Bauldry
Math Sciences
Appalachian State U

ephraim@leander.think.com (Ephraim Vishniac) (01/13/90)

In article <1990Jan11.214724.10000@uncecs.edu> wmcb@ecsvax writes:
>Does anyone know if WDEF or another virus can cause the following
>scenario:
>GateKeeper vetoes an attempt to add FKEY 0 resource to the Desktop
>file

>An FKEY is a curious choice for viral code...

An early version of FKEY Manager used "FKEY" as its signature.  So,
its signature resource was FKEY 0, and the Finder would copy this to
the Desktop file when you installed the program.  Since it wasn't
code, however, the result was a crash whenever you pressed
command-shift-0 with the Desktop file open.  Later versions, of
course, used some different signature. 

Have you received this program recently?
Ephraim Vishniac    ephraim@think.com   ThinkingCorp@applelink.apple.com
 Thinking Machines Corporation / 245 First Street / Cambridge, MA 02142
        One of the flaws in the anarchic bopper society was
        the ease with which such crazed rumors could spread.