jap2_ss@uhura.cc.rochester.edu (Joseph Poutre) (06/15/89)
I may have run into a new virus. When running Interferon 3.1 on our harddrive and asking it to report anomalies it detected a type 003 anomaly, the Sneak virus, in the Finder and the DA Handler. While it did not register when I truned the anomaly reporter off, I wondered about this, and discovered it was on all consultant disks, and mine too. The Finers are either 6.1 or 5.3. Is there a part of Finder that would set this off, or do I have a new virus? Is there any program that will eradicate the Sneak virus, and where can I get it to try it? Post or email. If I get only email responses I will summarize in a post. On a lighter note, could someone help me withthe Radical Caslte game? I can't get out of the basement of the castle, other than by doing the strange stuff. Can anyone give me a hint or the solution. Also, I would like the final Beta test version of Servant, .999. Where is it available? Thank you, and have a surrealistic day. The Mad Mathematician jap2@uhura.cc.rochester.edu The "People's Republic" is neither. STV quote: ... _ ._ _. _.. _... ._ _._. _._
cleeland@rex.cs.tulane.edu (Chris Cleeland) (06/16/89)
In article <2278@ur-cc.UUCP> jap2_ss@uhura.cc.rochester.edu (Joseph Poutre) writes: >I may have run into a new virus. When running Interferon 3.1 on our >harddrive and asking it to report anomalies it detected a type 003 >anomaly, the Sneak virus, in the Finder and the DA Handler. While it did > I beleive that this was asked a few weeks ago, and the reply was that the so-called "sneak" virus was actually a name dreamed up by the authors of Interferon to describe something which might be "sneaky" (somebody else please be more technical about this than I am...my memory fails me at the moment). Essentially, there's nothing to worry about -- try Disinfectant (from sumex) and it won't show up (this doesn't mean that you don't have another virus which Iterferon can't detect, but...) >On a lighter note, could someone help me withthe Radical Caslte game? > Sorry, no help there. >Also, I would like the final Beta test version of Servant, .999. Where >is it available? > I, too, would be interested in seeing Andy Hertzfeld's final product. I downloaded the version from sumex, and enjoyed using it, but found that it really wasn't robust enough. Anybody have any information on it? -- Thanks Chris Cleeland, Tulane University Disclaimer: I haven't said anything worth not claiming!!!
prince@maui.cs.ucla.edu (Larry Prince) (06/22/89)
In article <838@rex.cs.tulane.edu> cleeland@rex.UUCP (Chris Cleeland) writes: > ....... Essentially, there's nothing to worry about -- try Disinfectant Has anyone beside me had the following experience with Disinfectant? At work, I found a couple of our macs (an SE and a II, both running 6.02) infected with nVirA. The infected files were System, Finder, and a couple of applications. I disinfected everything with Disinfectant 1.1, which upon running again, claimed to have done its job (no viruses found). Upon rebooting, I checked the machines with Interferon just for grins... It found an 002 in System on both machines! (All other files were fixed as advertised.) Naturally I trashed the system files and reinstalled. UCLA Computer Science Department -- Larry 3413 Boelter Hall Los Angeles 90024 (213) 825-2145 Prince UUCP: {ucbvax,sdcrdcf}!ucla-cs!prince ARPAnet: prince@CS.UCLA.EDU
cleeland@rex.cs.tulane.edu (Chris Cleeland) (06/22/89)
In article <25127@shemp.CS.UCLA.EDU> prince@cs.ucla.edu (Larry Prince) writes: > >Has anyone beside me had the following experience with Disinfectant? >At work, I found a couple of our macs (an SE and a II, both running 6.02) >infected with nVirA. The infected files were System, Finder, and a couple >of applications. I disinfected everything with Disinfectant 1.1, which upon >running again, claimed to have done its job (no viruses found). > >Upon rebooting, I checked the machines with Interferon just for grins... >It found an 002 in System on both machines! (All other files were fixed >as advertised.) I think that what probably happened is that the first time that you ran Interferon, it got infected (this happened to me once when I forgot -- God what a mess!). So, Disinfectant did its deed, and cleaned things up. Then, when you ran Interferon again, the System got infected again. The reason that Disinfectant doesn't get infected is b/c each time it is launched, it performs a check upon itself and disinfects if necessary. Then it goes on with its other business (disinfecting your disks). Maybe you should try running Disinfectant on your copy of Interferon... -- Thanks Chris Cleeland, Tulane University Disclaimer: I haven't said anything worth not claiming!!!
jln@accuvax.nwu.edu (John Norstad) (06/22/89)
Some virus-fighting programs add a special nVIR 10 "inhibitor" resource to the system file in an attempt to prevent future infections. Interferon mistakenly thinks that this resource is an actual infection. Disinfectant does not, and will not remove the resource when repairing the system file. This is one possible explanation for why in your case Interferon thought that your system file was still infected after you repaired it with Disinfectant. This is just a theory of course - it's impossible to say exactly what happened in your case. You did the right thing though - it's always safest to delete infected files and replace them with known good copies. Disinfectant does check itself on startup and notify the user if it has been modified. It does not, however, try to repair itself if it discovers a change. (I'm the author of Disinfectant) John Norstad Northwestern University jln@acns.nwu.edu
rdsesq@Jessica.stanford.edu (Rob Snevely) (06/22/89)
If KillVirus had been installed in the system folder, it would have put a nVIR res #10, this is an inhibitor. Disinfectant does not report this particular entry since it is not a virus. Interferon does report it since it is a nVIR resource but it is not "smart" enough to know that the nVIR res #10 is not a virus. Atleast thats my understanding. rob
prince@maui.cs.ucla.edu (Larry Prince) (06/22/89)
In article <847@rex.cs.tulane.edu> cleeland@rex.UUCP (Chris Cleeland) writes: . .I think that what probably happened is that the first time that you ran .Interferon, it got infected (this happened to me once when I forgot -- God .what a mess!). So, Disinfectant did its deed, and cleaned things up. Then, .when you ran Interferon again, the System got infected again. . .The reason that Disinfectant doesn't get infected is b/c each time it is .launched, it performs a check upon itself and disinfects if necessary. Then .it goes on with its other business (disinfecting your disks). . .Maybe you should try running Disinfectant on your copy of Interferon... . >Chris Cleeland, Tulane University Sorry if my message was unclear the first time...I *didn't* run interferon prior to running disinfectant. I scanned with disinfectant 1.1, found system, finder, and several applications dirty (nVIR.a), disinfected with disinfectant, ran disinfectant again which claimed everything was clean, then ran a *reliably clean* interferon which claimed system was still dirty. I didn't take any chances...I threw system away. UCLA Computer Science Department -- Larry 3413 Boelter Hall Los Angeles 90024 (213) 825-2145 Prince UUCP: {ucbvax,sdcrdcf}!ucla-cs!prince ARPAnet: prince@CS.UCLA.EDU