drew@cat18.CS.WISC.EDU (Shawn Drew) (11/30/88)
nVIR is back, and it's meaner than ever!
I think I've discovered a new strain/mutation of nVIR. This one seems to
change the name of some programs infected with old nVIR to "nVIR" while
changing the icon to the generic application icon. Also, the old nVIR
used CODE ID#32 in applications, the new nVIR uses CODE ID#256.
It is not stopped by KillVirus! KillVirus doesn't even notice it! This
may be do to the new CODE ID#. The only way to stop it that I know of
is to get in there with ResEdit and yank it out! Install a nVIR resource
of ID#10, (name it "nVIR Inhibitor" for your own peace of mind) and replace
the code of CODE ID#256 with $4E75.
You have been warned!
Disclaimer: The opinions expressed in this article do not represent
those of my employer. They're for sale, if you want them.
drew@cat18.cs.wisc.edu
Does the name Pavlov ring a bell? ll12+@andrew.cmu.edu (Laura Ann Lemay) (11/30/88)
Shawn Drew says: > >I think I've discovered a new strain/mutation of nVIR. This one seems to >change the name of some programs infected with old nVIR to "nVIR" while >changing the icon to the generic application icon. Also, the old nVIR >used CODE ID#32 in applications, the new nVIR uses CODE ID#256. >It is not stopped by KillVirus! KillVirus doesn't even notice it! This >may be do to the new CODE ID#. The only way to stop it that I know of >is to get in there with ResEdit and yank it out! Install a nVIR resource >of ID#10, (name it "nVIR Inhibitor" for your own peace of mind) and replace >the code of CODE ID#256 with $4E75. uhhhhh.... NVIR always uses CODE 256 in applications. And it always uses an INIT 32 in system files. No nVIR ever used a CODE 32 in applications. Are you sure you don't have something mixed up? When you say KillVirus didn't notice it, do you mean you were entirely infected by this new virus? KillVirus is a very sophisticated program. It doesn't search on just one or two resources, it does the whole sh-bang. I can't see it missing on ANY mutation of nVIR. Remember that KillVirus should be in your system folder, and that you have to RUN the infected program for KillVirus to get rid of it. Next question, is why didn't you have Vaccine? :-) -Laura Lemay ll12+@andrew.cmu.edu