[comp.virus] Ohio Virus/Postscript trojan

treeves@hpuxa.ircc.ohio-state.edu (Terry Reeves) (10/16/90)

First, about the Ohio virus:

	It is a boot sector virus - lives only on 5.25 floppies.
Easily removed. Skulason's F-prot will do it and so will McAfee's
MDISK. What we did at Ohio State (not the home, but the discovery
point of this virus) was simply to recopy all infected application
disks in our labs. If a disk is bootable you can do even less work.
Boot with a clean copy of the version of DOS on the infected disk.
Assuming DOS disk in A: and infected disk in B:, at A> type SYS B: The
hidden DOS files and the boot sector will be overwritten.

     We then made sure all disks that could be write protected were.
This virus and the brain virus were found at the same time. By being
very strict about write protects (and even using notchless disks as
much as we can) we have no trouble with viruses on our floppies now.
     For hard disks we licensed Skulason's F-prot. Very nice, very cheap.

   About the PostScript trojan. Nobody seems to know its name or any
details, but this was all hashed out here a few weeks ago. Also, I
seem to have been hit by it.
	Contrary to published reports (national mac magazines) no
hardware replacements are needed. There are FREE software fixes for
this. You are supposed to need to know the password to change the
password but the security has holes. The fix was posted to comp.virus.
	By the way, changing the password is a bad idea. I have never
tried this on a true PostScript printer (our affected machine was a
Kyocera clone) but when its password was changed (by trojan or vandal)
it could not be printed to by such applications as Pagemaker and
Microsoft Word. The password is not just for administrative functions -
at least not on Kyocera.

	Unfortunately, the published fix would not work on this
PostScript clone, but only on true PostScript. After many phone calls
and help from Woody Baker & Zbigniew Fiedorowicz a fix was eventually
found. Amazingly the company that made it finally understood the
problem and found someone who knew how to fix it.

	Apple charges $600 I think to fix this. Apple loves to rip off
customers. Apologies to them if they have never charged this.

[Ed. See message from bradley@vaxr.llnl.gov below.]

reeves.2@OSU.EDU
--
 _____________________________________________________________________________
|                   That's my story, and I'm sticking to it!                  |
|_____________________________________________________________________________|
| Microcomputer software support      |   Treeves@HPUXA.IRCC.OHIO-STATE.EDU   |