[comp.sys.mac] Eradicator! INIT for WDEF Virus

jln@accuvax.nwu.edu (John Norstad) (12/08/89)

Attached is an INIT named Eradicator! that will detect and eliminate
the new WDEF virus.  It was written by three programmers in Belgium,
Guy Fiems, Riccardo Ettore, and Luc Wets.

I don't have source code for the INIT, so I can't guarantee that it
doesn't have bugs.  But I have tested it, and it seems to work very
well.

To install the INIT, drag it into your system folder and reboot.

The INIT examines every disk when it is mounted and checks for the 
WDEF virus.  If the virus is detected, the INIT beeps three times,
flashes the menu bar, and removes the virus.

If an infected locked floppy is inserted the INIT beeps three times,
flashes the menu bar, and ejects the floppy.  You should unlock the
floppy and reinsert it.  The INIT will then beep three times and
flash the menu bar again, and remove the virus.

You should install this INIT even if you already use some other
protection INIT like Vaccine, GateKeeper, SAM Intercept, or Virex
INIT.  The current releases of these other protection INITs don't 
prevent WDEF infections.  Don't remove your other protection INIT -
use both your old one and the new Eradicator! INIT.  Eradicator!
will protect against the new WDEF virus, and your old INIT will
continue to protect against the other Mac viruses.

John Norstad        Northwestern University      jln@acns.nwu.edu

(This file must be converted with BinHex 4.0)

jln@accuvax.nwu.edu (John Norstad) (12/08/89)

Chris Johnson, the author of GateKeeper, has reported a bad bug in the
Eradicator! INIT I posted.  It bombs horribly on all 68000-based Macs.
It appears to only work on 68020 and 68030-based Macs.

So don't try to use it on Mac Pluses, SEs, or older Macs.  Only use it
on Mac SE/30s, Mac IIs, and up.

John Norstad         Northwestern University    jln@acns.nwu.edu

rht@smsdpg.uu.net (Randy Thompson) (12/12/89)

From article <1922@accuvax.nwu.edu>, by jln@accuvax.nwu.edu (John Norstad):
> Attached is an INIT named Eradicator! that will detect and eliminate
> the new WDEF virus.  It was written by three programmers in Belgium,
> Guy Fiems, Riccardo Ettore, and Luc Wets.
> [deleted] 
> The INIT examines every disk when it is mounted and checks for the 
> WDEF virus.  If the virus is detected, the INIT beeps three times,
> flashes the menu bar, and removes the virus.
> [deleted] 

John mentions Eradicator's ability to detect and repair WDEF infections
on floppies, but will this init also work on the hard disk at boot time?
I presume that it will, but...

Many thanks!
_________________________________________________________________________
Randy Thompson                |              rht@smsdpg.UUCP -- Office
SMS Data Products Group, Inc. |    rht%tailchasr@smsdpg.UUCP -- mac@home
_________________________________________________________________________
           * Constructive criticism is always appreciated *
             Send Flames to:  Trash%tailchasr@smsdpg.UUCP
_________________________________________________________________________

dplatt@coherent.com (Dave Platt) (12/12/89)

In article <419@smsdpg.uu.net> rht@smsdpg.uu.net (Randy Thompson) writes:

> John mentions Eradicator's ability to detect and repair WDEF infections
> on floppies, but will this init also work on the hard disk at boot time?
> I presume that it will, but...

Yes, Eradicator! 1.0 disinfects all mounted volumes when it first runs,
and disinfects other volumes when they're mounted.

However, John has received reports of serious problems with Eradicator!
1.0 even on Mac II systems, and recommends that people stop using it.

A newer version of Eradicator! (1.2) is in the works, and may well be
available within the next day or so.

I've received the source code for Eradicator! 1.2, and am working on a
variant (Eradicat'Em) which I believe will be somewhat more thorough and
significantly safer.  I hope to have it out within the next few days.

Chris Johnson is working on "GateKeeper Aid", an INIT which
aggressively attacks and destroys WDEF and WDEF-like viruses.  It
should be out within a few days, if beta-testing works out well.


-- 
Dave Platt                                             VOICE: (415) 493-8805
  UUCP: ...!{ames,apple,uunet}!coherent!dplatt   DOMAIN: dplatt@coherent.com
  INTERNET:       coherent!dplatt@ames.arpa,  ...@uunet.uu.net 
  USNAIL: Coherent Thought Inc.  3350 West Bayshore #205  Palo Alto CA 94303