[comp.sys.mac] nVIR virus - you may think you don't have it...

wade@sdacs.ucsd.EDU (Wade Blomgren) (03/19/88)

An interesting thing...for some reason (I don't think it is related to
the virus), when opening a System File with ResEdit while booted from
that same system, a large number of resources INCLUDING 'nVIR'
don't show up in the ResEdit resource list. Even stranger is the fact
that although a certain number of INIT's show up, the INIT 32 from
the virus does not show up.  It is only when booted from another disk 
that I can see the virus related resources (as well as a number of 
other resources) in that system file. Does anybody know why this is?

Anyway, check again from a separate boot disk - you may have the virus.  
I thought I was fine, but upon closer examination I found I was quite 
seriously affected.

Also, note that the nVIR virus does seem to infect the Finder, the
DA Handler, as well as normal (APPL type) applications. I don't know 
what the significance of this is as far as its ability to reproduce..


Wade Blomgren
wade@sdacs.ucsd.edu  or ..ucsd!sdacs!wade

alibaba@ucscb.UCSC.EDU (Alexander M. Rosenberg) (03/19/88)

Intreuging, Captain. Are you using MultiFinder? If you are, then the
reason the resources don't show up is MultiFinder, otherwise, then
something very interesting is going on...


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~  Alexander M. Rosenberg  ~ INTERNET: alibaba@ucscb.ucsc.edu   ~ Yoyodyne    ~
~  Crown College, UCSC     ~ UUCP:...!ucbvax!ucscc!ucscb!alibaba~ Propulsion  ~
~  Santa Cruz, CA 95064    ~ BITNET:alibaba%ucscb@ucscc.BITNET  ~ Systems     ~
~  (408) 426-8869	   ~ Disclaimer: Nobody is my employer  ~ :-)         ~
~			   ~ so nobody cares what I say.	~	      ~

msurlich@faui44.UUCP (Matthias Urlichs ) (03/28/88)

In article <502@sdacs.ucsd.EDU> wade@sdacs.ucsd.EDU (Wade Blomgren) writes:
> when opening a System File with ResEdit while booted from
> that same system, a large number of resources INCLUDING 'nVIR'
> don't show up in the ResEdit resource list.
 
 This shows up under MultiFinder only, and with ResEdit prior to version 1.2.

> Also, note that the nVIR virus does seem to infect the Finder, the
> DA Handler, as well as normal (APPL type) applications.

The virus patches TEInit(). So every program that calls this trap gets
infected.

-- 
Matthias Urlichs              CompuServe: 72437,1357  Delphi: URLICHS
Rainwiesenweg 9
8501 Schwaig 2                "Violence is the last refuge
West Germany                            of the incompetent." -- Salvor Hardin