crouse@uxh.cso.uiuc.edu (09/23/88)
Virii at the U of I part II Thanks for all the responses to note 230. We are lead to belive that the Sneak virus that interferon 2.24 is showing is not a virus at all, but a bug in release 6.0 from Apple. To clarify the problem here, we are a Mac/IBM micro lab at the University of Illinois, that has 26 Mac SE w/hard drives and several PS-2/30s. We run Interferon 2.24 and have just upgraded to release 3.0. We try to check every user's disk as they come into the lab, at the end of every day we check each machine with Interferon for infections. The problem is that users tend to slip by the check station or will not produce all the disks they have. This is how the machines are being infected. We had the Scores virus in the Spring of 88 and thought it was under control, now that the Fall semester has started Scores as well as nVir are showing up in full strength. We have not seen any virus on the DOS machines yet. We have an infected MAC-SE with nVir now and are using Resedit to determine what is going on with the code structure. A symptom of nVIR is,the system locking up and problems with the Finder. The problem with Interferon is that it will not ckeck HFS disks so we run Kill Scores also. Any related information or questions about this serious problem will be very welcomed. Send reponses to crouse@uxh.cso.uiuc.edu James Crous Mgr. Micro Lab Illini Union Site University of Illinois
alexis@dasys1.UUCP (Alexis Rosen) (09/25/88)
In article <20200006@uxh.cso.uiuc.edu> crouse@uxh.cso.uiuc.edu writes: > Virii at the U of I part II > Thanks for all the responses to note 230. > We are lead to belive that the Sneak virus that interferon 2.24 > is showing is not a virus at all, but a bug in release 6.0 from > Apple. This is a virtual certainty. I believe this matter was discussed a month or two ago. > We have an infected MAC-SE with nVir now and are using Resedit > to determine what is going on with the code structure. A symptom > of nVIR is,the system locking up and problems with the Finder. > The problem with Interferon is that it will not ckeck HFS disks > so we run Kill Scores also. This is not correct. I was just infected last week; Interferon 2.0 (earlier than the version you use) has no problems with HFS on either hard disks or floppies. Did you mean MFS? At any rate, before you waste a lot of time playing with nVIR I suggest you read Chris Borton's excelent article on it; he just wrote about it recently, and mentioned where you could get a copy. One thing to check- what is the size of the CODE 256 resources created by nVIR? ---- Alexis Rosen {allegra,philabs,cmcl2}!phri\ Writing from {harpo,cmcl2}!cucard!dasys1!alexis The Big Electric Cat {portal,well,sun}!hoptoad/ Public UNIX Best path: uunet!dasys1!alexis