[comp.sys.mac] Save me from nVIR !!!

sklein@cdp.UUCP (01/01/89)

I know there was a lot of discussion about viruses a while back, but
I've just hired on to a new job where I'm in charge of several Macs.

The first thing I did was to put Vaccine on 'my' machine, and re-boot.
Before I could even get to the Finder I was warned that the resource
"nVIR" was about to be added to my system.  I denied permission, then
bombed.  I booted from another disk and removed Vaccine from my hard
disk.  Now I can boot, but I know I'm infected.  Worse yet, I'm not
even sure which of my 'original' application disks might also be
infected, as the folks before me didn't bother to write-protect 'original'
application disks.  I know this because I found our original MS Word
disk and there were some work files stored on the original disk!

They hired me to help them out of their ignorance.  The first thing
I did was to make a rule forbidding ANYBODY to install Applications
that we didn't BUY, but HOW do I eliminate the existing infection?

HELP!  PLEASE!  (beg, grovel)

-Shabtai Klein
____________________________________________________________________
| There is more to life than | UUCP:      uunet!pyramid!cdp!sklein   \
| increasing its speed.      | Internet:  cdp!sklein@arisia.xerox.com |
|                            | BitNet:    cdp!sklein%labrea@stanford  |
|       --Mohandis K Gandhi  | PhoneNet:  (301) 270-2250              |
 \___________________________________________________________________/


p.s.  I HATE nVIR!

NETOPRRW@NCSUVM.BITNET (Rich Wood) (01/10/89)

    Hello,
          I too hate this of all viruses because of its ease at moving around.
    Here's some info that I hope helps.  First of all you should get yourself
    some type of detection program (i.e. Virus Detective, Interferon, etc.).
    After locating which pieces of software are infected, throw them in the
    trash can and empty the trash.  I know this sounds very bad if you have
    no backups, but I have yet to see anything which can save infected
    applications.  Don't try to replace anything until you are sure the entire
    disk is clean.  While nVIR is bad it doesn't seem to be able to remain after
    being trashed.  Also first check your system folder.  It tends to attach
    itself to the system and finder first.  Also the programs mentioned above
    are public domain if you need to find them.
                                      Hope this helps
-------
 """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
                                             |
 "Ray, This looks extremely bad." E.S.       | Working on the largest
                                             |    signature file ever
  here at home:   netoprrw @ ncsuvm<bitnet>  |
                                             |        Rich Wood
 """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

pv9y@vax5.CIT.CORNELL.EDU (01/11/89)

In article <544NETOPRRW@NCSUVM> NETOPRRW@NCSUVM.BITNET (Rich Wood) writes:
>
>    Hello,
>          I too hate this of all viruses because of its ease at moving around.
>    Here's some info that I hope helps.  First of all you should get yourself
>    some type of detection program (i.e. Virus Detective, Interferon, etc.).
>    After locating which pieces of software are infected, throw them in the
>    trash can and empty the trash.  I know this sounds very bad if you have
>    no backups, but I have yet to see anything which can save infected
>    applications.  Don't try to replace anything until you are sure the entire
>    disk is clean.  While nVIR is bad it doesn't seem to be able to remain after
>    being trashed.  Also first check your system folder.  It tends to attach
>    itself to the system and finder first.  Also the programs mentioned above
>    are public domain if you need to find them.
>                                      Hope this helps

As far as applications that can help clean up infected programs, Vaccination,
AntiPan, Repair (recently posted to the binaries group), and ResEdit (if you
can find nVIR resources easily) can all remove the virus. Obviously,
reverting to backup is best, but that's not always an option.  Your System is
almost certainly infected too, so make sure to replace it as well.  In general,
replace anything you can easily and repair anything you can't.  Make and keep
backups and keep a close eye on the programs you repair to make sure that they
weren't damaged by the repair process.  Also check your disks at regular
intervals with Interferon to make sure that the virus hasn't crept back on.


Adam

levin@bbn.com (Joel B Levin) (01/13/89)

In article <17678@vax5.CIT.CORNELL.EDU> pv9y@vax5.cit.cornell.edu (PUT YOUR NAME HERE) writes:
|As far as applications that can help clean up infected programs, Vaccination,
|AntiPan, Repair (recently posted to the binaries group), and ResEdit (if you
|can find nVIR resources easily) can all remove the virus... ^^^^^^^

I strongly recommend AGAINST trying to remove nVIR from an application
with ResEdit.  nVIR modifies an essential CODE resource (0); in
addition to removing all the nVIR resources and CODE 256, you would
have to open CODE 0 and unpatch it.  It's possible, but I wouldn't do
it myself while the various eradication programs can do it for me.

Also: Vaccination is used to detect attempts to change or add
important resources; it does not clean up any infections.

	/JBL
--

UUCP:     {backbone}!bbn!levin		POTS: (617) 873-3463
INTERNET: levin@bbn.com
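
Added example (not part of the original thread, and not code from any of the tools named in it): a Python checker that walks the resource map of a classic Mac OS resource fork and reports the two indicators the post above names, resources of type nVIR and a CODE resource with ID 256. The sample forks and their resource IDs are constructed, and the function names are this example's own; it does not examine or repair the patched CODE 0.

```python
import struct

def list_resources(fork):
    """Return [(type, id), ...] for every entry in a resource fork's map."""
    if len(fork) < 16:
        raise ValueError("too short for a resource fork header")
    _doff, map_off, _dlen, map_len = struct.unpack_from(">4I", fork, 0)
    if map_len < 30 or map_off + map_len > len(fork):
        raise ValueError("resource map lies outside the file")
    (type_list_off,) = struct.unpack_from(">H", fork, map_off + 24)
    tl = map_off + type_list_off
    (n_types,) = struct.unpack_from(">h", fork, tl)      # stored as count - 1
    found = []
    for i in range(n_types + 1):
        rtype, n_res, ref_off = struct.unpack_from(">4sHH", fork, tl + 2 + 8 * i)
        for j in range(n_res + 1):                       # 12-byte reference entries
            (res_id,) = struct.unpack_from(">h", fork, tl + ref_off + 12 * j)
            found.append((rtype.decode("mac_roman"), res_id))
    return found

def nvir_indicators(fork):
    """Report the two indicators named in the post; CODE 0 is not examined."""
    hits = []
    for rtype, res_id in list_resources(fork):
        if rtype == "nVIR":
            hits.append(f"nVIR resource id {res_id}")
        elif rtype == "CODE" and res_id == 256:
            hits.append("CODE 256 present")
    return hits

def build_fork(resources):
    """Constructed test input: pack {type: [ids]} into a minimal fork."""
    data = entries = refs = b""
    ref_off = 2 + 8 * len(resources)                     # ref lists follow type list
    for rtype in sorted(resources):
        ids = resources[rtype]
        entries += struct.pack(">4sHH", rtype.encode("mac_roman"), len(ids) - 1, ref_off)
        for rid in ids:                                  # no name, attrs 0, 1-byte body
            refs += struct.pack(">hHI4x", rid, 0xFFFF, len(data))
            data += struct.pack(">I", 1) + b"\x00"
        ref_off += 12 * len(ids)
    type_list = struct.pack(">h", len(resources) - 1) + entries + refs
    rmap = bytes(24) + struct.pack(">HH", 28, 28 + len(type_list)) + type_list
    header = struct.pack(">4I", 256, 256 + len(data), len(data), len(rmap))
    return header.ljust(256, b"\x00") + data + rmap

# Constructed samples; the resource IDs are placeholders, not taken from a real file.
CLEAN = build_fork({"CODE": [0, 1], "MENU": [128]})
INFECTED = build_fork({"CODE": [0, 1, 256], "nVIR": [1, 2]})
```

On macOS, a file's resource fork can be read as bytes from the path `<file>/..namedfork/rsrc` and passed to `nvir_indicators`.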

pv9y@vax5.CIT.CORNELL.EDU (01/15/89)

In article <34492@bbn.COM> levin@BBN.COM (Joel B Levin) writes:
>I strongly recommend AGAINST trying to remove nVIR from an application
>with ResEdit.  nVIR modifies an essential CODE resource (0); in
>addition to removing all the nVIR resources and CODE 256, you would
>have to open CODE 0 and unpatch it.  It's possible, but I wouldn't do
>it myself while the various eradication programs can do it for me.

Probably good advice unless you really know what you are doing.

>Also: Vaccination is used to detect attempts to change or add
>important resources; it does not clean up any infections.

Nope.  Vaccination comes in a package with Virus Warning INIT, which does
that, but the Vaccination program gives you a file selector box in which
you can select an infected program and have Vaccination remove the virus
code.  I've done it numerous times and checked with ResEdit.  Vaccination's
main problem is that it won't display system files, which can be infected,
in that file selector box, so it won't dis-infect them.  AntiPan does that
fairly well though.

>	/JBL

Adam Engst

levin@bbn.com (Joel B Levin) (01/16/89)

In article <17702@vax5.CIT.CORNELL.EDU> pv9y@vax5.cit.cornell.edu (PUT YOUR NAME HERE AND SMILE) writes:
|In article <34492@bbn.COM> I wrote:
|>Also: Vaccination is used to detect attempts to change or add
|>important resources; it does not clean up any infections.
|
|Nope.  Vaccination comes in a package with Virus Warning INIT, which does
|that, . . .

Ooops.  Right, I was thinking of "Vaccine" when I wrote that; they
are two different things.  Sorry if anyone got confused.

	/JBL