[comp.sys.mac] WDEF virus

evans@Neon.Stanford.EDU (John S. Evans) (12/08/89)

Howdy.

I'm working here at Stanford University, and we have (we think) found
this new virus everywhere.  We also downloaded a copy of the Eradicator!
init, and are having MAJOR problems getting the sucker to work.

We convert it to mac format with Stuffit 1.5.1, unBinHexing, and use RESEDIT
to insert the INIT in the file's TYPE field.

When we boot a mac II (or IIcx) with this init and insert a probably-infected
floppy disk, the init hangs, after giving us the warning (3 beeps...)

Also, if we boot a floppy with the init on a system with an infected
hard disk, the init hangs at the same point.

In both cases, the hang occurs after the inits are done loading, and the 
infected disk is attempting to mount.

Any help would be greatly appreciated, as we believe this virus to be a major
source of the errors we have been getting lately...

Thanks!


-- 
John S. Evans	             |	"Are you suggesting coconuts migrate?"
evans@neon.stanford.edu	     |	 
MS Computer Science Student  |	 
Stanford University 	     |		

rcbaem@eutrc3.urc.tue.nl (Ernst <pooh> Mulder) (12/11/89)

 Having read many articles on this new WDEF virus here on comp.sys.mac,  I
have the following question: Isn't there a very simple precaution against this
new virus? What I mean is:

 I guess this virus spreads because the Mac, when a window is opened, tries
to access a WDEF resource. Since this resource is in ROM and the ROM
'resource file' is opened at the lowest level, the Mac finds the WDEF in the
DeskTop file first. This will only happen in the Finder (or MultiFinder)
because when in the Finder the DeskTop file will be one of the open files.
Any other opened file will be at a higher level than the ROM and therefore
trying to open a WDEF resource will give the resource in the DeskTop file.

 What is the order in which (resource) files are opened when in the Finder? The ROM
will be on the lowest level. What after that? The Finder itself or the
DeskTop file? In the latter case the WDEF problem can be solved by
placing a valid WDEF in the Finder.

 Hmm, I guess I over-reacted, the problem might be more difficult than I
thought at first glance. When a disk is inserted the DeskTop file on it
will be the last opened and therefore the first searched in by GetResource. :(
Maybe someone could (TAIL? ;) ) patch GetResource?

 pooh.
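The search order pooh reasons about above, as an added example that is not part of this thread: a small Python model of the classic Mac resource chain, in which GetResource walks the open resource files from the most recently opened one down to ROM. It shows why a WDEF placed in the Finder (the first idea in the post) does not help once an inserted disk's DeskTop file is opened on top of it, and adds the defender-side check a scanner would apply: a DeskTop file should never be the file that supplies a WDEF. File names, resource contents and the `ResourceChain` class are constructed for the model and simplify the real Resource Manager (no resource maps, no ROM override flags).

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

ResKey = Tuple[str, int]  # (resource type, resource ID), e.g. ("WDEF", 0)


@dataclass
class ResourceFile:
    """One open resource file (ROM, System, Finder, a disk's DeskTop, ...)."""
    name: str
    resources: Dict[ResKey, str] = field(default_factory=dict)


class ResourceChain:
    """Simplified model of the open-resource-file chain.

    ROM sits at the lowest level; every OpenResFile pushes a file on top, and
    GetResource searches from the top (most recently opened) down to ROM.
    """

    def __init__(self) -> None:
        rom = ResourceFile("ROM", {("WDEF", 0): "ROM window definition"})
        self.chain = [rom]

    def open_resfile(self, rf: ResourceFile) -> None:
        self.chain.append(rf)

    def close_resfile(self, name: str) -> None:
        self.chain = [rf for rf in self.chain if rf.name != name]

    def get_resource(self, rtype: str, rid: int) -> Optional[Tuple[str, str]]:
        """Return (file name, payload) of the first match, searching newest first."""
        for rf in reversed(self.chain):
            if (rtype, rid) in rf.resources:
                return rf.name, rf.resources[(rtype, rid)]
        return None


def desktop_supplies_wdef(rf: ResourceFile) -> bool:
    """Defender check: a DeskTop file has no business carrying a WDEF.

    The Finder keeps icons and comments in DeskTop; window definitions come
    from ROM or the System. Any WDEF here is a signal worth flagging.
    """
    return rf.name.endswith("DeskTop") and any(t == "WDEF" for (t, _) in rf.resources)


def scenario() -> Tuple[str, str, bool]:
    """Replay the situation from the post and return what GetResource picks.

    Returns (owner of WDEF 0 before the disk is inserted,
             owner of WDEF 0 after the disk is inserted,
             whether the inserted DeskTop file is flagged).
    """
    chain = ResourceChain()
    chain.open_resfile(ResourceFile("System"))
    # The post's first idea: a valid WDEF placed in the Finder itself.
    chain.open_resfile(ResourceFile("Finder", {("WDEF", 0): "Finder's own copy"}))
    chain.open_resfile(ResourceFile("HD:DeskTop"))  # clean hard-disk DeskTop, no WDEF

    before = chain.get_resource("WDEF", 0)

    # Constructed stand-in for an infected floppy: its DeskTop file is opened
    # last when the disk mounts, so it ends up on top of the chain.
    floppy_desktop = ResourceFile("Floppy:DeskTop", {("WDEF", 0): "foreign code"})
    chain.open_resfile(floppy_desktop)

    after = chain.get_resource("WDEF", 0)
    assert before is not None and after is not None
    return before[0], after[0], desktop_supplies_wdef(floppy_desktop)


if __name__ == "__main__":
    b, a, flagged = scenario()
    print(f"WDEF 0 before insert: {b}; after insert: {a}; DeskTop flagged: {flagged}")
```

The model confirms the post's second thought: shadowing works in the other direction, so the newest DeskTop file always wins over the Finder, and the practical remedy is to inspect (or rebuild) DeskTop files rather than to add another WDEF lower in the chain.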