wade@sdacs.ucsd.EDU (Wade Blomgren) (03/19/88)
An interesting thing...for some reason (I don't think it is related to the virus), when opening a System File with ResEdit while booted from that same system, a large number of resources INCLUDING 'nVIR' don't show up in the ResEdit resource list. Even stranger is the fact that although a certain number of INIT's show up, the INIT 32 from the virus does not show up. It is only when booted from another disk that I can see the virus related resources (as well as a number of other resources) in that system file. Does anybody know why this is? Anyway, check again from a separate boot disk - you may have the virus. I thought I was fine, but upon closer examination I found I was quite seriously affected. Also, note that the nVIR virus does seem to infect the Finder, the DA Handler, as well as normal (APPL type) applications. I don't know what the significance of this is as far as its ability to reproduce.. Wade Blomgren wade@sdacs.ucsd.edu or ..ucsd!sdacs!wade
alibaba@ucscb.UCSC.EDU (Alexander M. Rosenberg) (03/19/88)
Intreuging, Captain. Are you using MultiFinder? If you are, then the reason the resources don't show up is MultiFinder, otherwise, then something very interesting is going on... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~ Alexander M. Rosenberg ~ INTERNET: alibaba@ucscb.ucsc.edu ~ Yoyodyne ~ ~ Crown College, UCSC ~ UUCP:...!ucbvax!ucscc!ucscb!alibaba~ Propulsion ~ ~ Santa Cruz, CA 95064 ~ BITNET:alibaba%ucscb@ucscc.BITNET ~ Systems ~ ~ (408) 426-8869 ~ Disclaimer: Nobody is my employer ~ :-) ~ ~ ~ so nobody cares what I say. ~ ~
msurlich@faui44.UUCP (Matthias Urlichs ) (03/28/88)
In article <502@sdacs.ucsd.EDU> wade@sdacs.ucsd.EDU (Wade Blomgren) writes: > when opening a System File with ResEdit while booted from > that same system, a large number of resources INCLUDING 'nVIR' > don't show up in the ResEdit resource list. This shows up under MultiFinder only, and with ResEdit prior to version 1.2. > Also, note that the nVIR virus does seem to infect the Finder, the > DA Handler, as well as normal (APPL type) applications. The virus patches TEInit(). So every program that calls this trap gets infected. -- Matthias Urlichs CompuServe: 72437,1357 Delphi: URLICHS Rainwiesenweg 9 8501 Schwaig 2 "Violence is the last refuge West Germany of the incompetent." -- Salvor Hardin