asqe-y-v-ssi@stuttgart-emh1.army.mil (Dale Jones) (12/06/90)
I would like to comment on Mr. Ed Murphy's comment that - "You can get rid of virus by rebuilding the Desktop on your hard disk (which is where it resides)." I also had problems with WDEF A on my MAC SE with 100mb Jasmine backpack hard drive. After following several messages I contacted < coherent!dplatt@ames.arc.nasa.gov (Dave Platt) > and he advised me to reboot with a "clean" boot disk then run Disinfectant on the System folder on the hard disk. I then installed Disinfectant Protection and now I know my hard disk is clean. This also immediately notifies me about a possible WDEF infection on any floppy I open. I'm fairly new to the Mac side of the house but with my short experience I discovered that rebuilding the Desktop did not rid my hard disk of the WDEF virus. To my surprise I discovered that Norton Disk Dr. and SAM both notified me of a possible virus however, they did not completely eradicate it from the System folder. Maybe if I'd have booted from a virus free disk, then ran Norton Disk Dr. or SAM I would have had the same results as with Disinfectant. Please be careful with your very broad statement of "You can get rid of virus by rebuilding the Desktop on your hard disk (which is where it resides)." Dale Jones Chief, Information Center, 589th Signal Company Stuttgart Germany
jbotz@MHC.bitnet (12/07/90)
with regard to: > VIRUS-L Digest Thursday, 6 Dec 1990 Volume 3 : Issue 196 > Date: Thu, 06 Dec 90 11:21:27 +0700 > From: Dale Jones <asqe-y-v-ssi@stuttgart-emh1.army.mil> > Subject: WDEF-A Response (Mac) > I would like to comment on Mr. Ed Murphy's comment that - > "You can get rid of virus by rebuilding the Desktop on your > hard disk (which is where it resides)." I agree with Mr. Ed Murphy. You can get rid of the WDEF virus by rebuilding the Desktop on your hard disk. HOWEVER... you have to keep in mind that just inserting another (infected) floppy disk can re-infect you. The WDEF virus, and other implied-loader viruses which reside in the Desktop file are probably the most infecectious disk-based viruses ever. This is because merely inserting a disk can cause infection. This makes WDEF & MDEF the fastest spreading and most common viruses in the Mac world. Fortunately they are easy to guard agains: use the Freeware program "Gatekeeper Aid" which can be run without "Gatekeeper" and can be used in addition to most (all?) other virus protection programs. Gatekeeper Aid intercepts and removes WDEF & other Desktop-file implied loader viruses on contact, ending the nuisance of this type of virus once and for all. > I'm fairly new to the Mac side of the house but with my short > experience I discovered that rebuilding the Desktop did not > rid my hard disk of the WDEF virus. To my surprise I discovered > that Norton Disk Dr. and SAM both notified me of a possible virus > however, they did not completely eradicate it from the System folder. > Maybe if I'd have booted from a virus free disk, then ran > Norton Disk Dr. or SAM I would have had the same results > as with Disinfectant. My guess is that you were infected with two viruses (or more?) viruses, or have other damage to your system which looks like an infection. SAM always identifies implied loader viruses and wouldn't notify you of a "possible virus" when there's a WDEF infection, it'd inform you of a "WDEF infection" -- unless you have an ancient version of SAM in wich case it shouldn't notice a WDEF infection at all. > Please be careful with your very broad statement of "You can get rid > of virus by rebuilding the Desktop on your > hard disk (which is where it resides)." It's still true, but insufficient. In the same digest your message was published in, somebody else was saying how using virus disinfectant programs is never enough in the PC world and that one should always replace the files from backups. Well, in the Mac world the opposite is true... always use one of the leading virus removal programs, don't rely on any other method. It's been said before, here, and I'll repeat it. THE way to deal with Mac viruses is by using the EXCELLENT freeware programs Gatekeeper, Gatekeeper Aid, and the latest version of Disinfectant and the Disinfectant INIT. Only a very exotic and brandnew virus could get past these, and the authors, who deserve to be showered with medals have a track record of updating their programs in record time -- usually within days of the isolation of a new virus. > Dale Jones > Chief, Information Center, 589th Signal Company > Stuttgart Germany ___________________________ Jurgen Botz, Academic Software Consultant Academic Computing internet: JBotz@MHC.bitnet Mount Holyoke College Compuserve: 70531,600 South Hadley, MA 01075 Voice: 413-538-2375
jalden@eleazar.dartmouth.edu (Joshua M. Alden) (12/08/90)
asqe-y-v-ssi@stuttgart-emh1.army.mil (Dale Jones) writes: >Please be careful with your very broad statement of "You can get rid >of virus by rebuilding the Desktop on your >hard disk (which is where it resides)." > >Dale Jones >Chief, Information Center, 589th Signal Company >Stuttgart Germany I think the problem here is that you must re-build the Desktop and then make sure the virus is not active in memory. To do that, simply re-start. You CAN get rid of WDEF by re-building the Desktop; we do it here all the time. But WDEF is a persnickity little thing, and it spreads quickly back to your hard drive from any floppies you have that still have it, and from anyone else's infected floppy, all at the insertion of the disk. We recommend GateKeeper Aid to our users. It completely removes WDEF whenever it sees it; no action on the part of the user is necessary. So you throw GateKeeper Aid in your System folder, re-boot, and insert all your floppies once, and you know you haven't got WDEF, and that you can't get it again as long as you've got GateKeeper Aid. - -Josh Alden, Virus Consultant, User Services, Dartmouth College. - -- /--------------------------------------------------+-------------------------\ |Josh Alden, Consultant, Kiewit Computation Center | HB 48, Dartmouth College| | Private mail: Joshua.Alden@dartmouth.edu | Hanover, NH 03755 | | Virus mail: Virus.Info@dartmouth.edu | (802) 295-9073 |