[comp.virus] Macintosh virus

JOHN P. BRADLEY (09/19/89)

Howdy!
     Well it was bound to happen - why should we be any different?  We
believe we have discovered a virus in our microcomputer lab.  So far, we
have only found one contaminated diskette.  This is a MAC station disk
used for booting a MAC to work with Appleshare.  We ran VIRUS Rx and it
confirmed a user's suspicion.  The report from VIRUS Rx detected the
presence of the SCORES virus (or so it seemed to indicate).
     Has anyone else had a similar experience and could offer any ideas
on how to proceed?  At present, we are beginning to check all station disks
and offering to check any user's disks for a virus.  Next step is
education of the users, hoping that this won't get out of hand.
     Any ideas would be greatly appreciated.

==========================================================================
! John P. Bradley                !    U.S. Mail : Hawkins Hall, Room 029 !
! Senior Programmer/Analyst      !                SUNY                   !
! Computing Support Center       !                Plattsburgh, NY  12901 !
! State University of New York   !                (518) 564-4433         !
! College at Plattsburgh         !    BitNet    : BRADLEJP@SNYPLAVA      !
!                                !                POSTMAST@SNYPLAVA      !
==========================================================================

consp11@bingvaxu.cc.binghamton.edu (09/20/89)

In article <0001.8909191859.AA09184@ge.sei.cmu.edu> JOHN P. BRADLEY writes:
>...
>     Well it was bound to happen - why should we be any different?  We
>believe we have discovered a virus in our microcomputer lab.  So far, we
>have only found one contaminated diskette.  This is a MAC station disk
>used for booting a MAC to work with Appleshare.  We ran VIRUS Rx and it
>confirmed a user's suspicion.  The report from VIRUS Rx detected the
>presence of the SCORES virus (or so it seemed to indicate).
>...

I suggest you get your hands on a copy of the PD program Disinfectant.
(I believe it's up to version 1.2, but 1.0 should work fine.)  It will
scan the disk, find, and eradicate the virus.

--Brett Kessler

mmccann@hubcap.clemson.edu (Mike McCann) (09/20/89)

In article <0001.8909191859.AA09184@ge.sei.cmu.edu>, JOHN P. BRADLEY writes:
>      Well it was bound to happen - why should we be any different?  We
> believe we have discovered a virus in our microcomputer lab.  So far, we
> have only found one contaminated diskette.  This is a MAC station disk
> used for booting a MAC to work with Appleshare.  We ran VIRUS Rx and it
> confirmed a user's suspicion.  The report from VIRUS Rx detected the
> presence of the SCORES virus (or so it seemed to indicate).
>      Has anyone else had a similar experience and could offer any ideas
> on how to proceed?  At present, we are beginning to check all station disks
> and offering to check any user's disks for a virus.  Next step is
> education of the users, hoping that this won't get out of hand.

Our Macintosh labs were hit rather hard by the Scores virus quite some
time ago and the steps we took to get rid of the virus seemed to work
rather well:

1)  Remove the virus from all infected hard drives and boot diskettes
    with a good anti-virus program like Disinfectant (I only wish it was
    available then).

2)  Place a memory resident anti-virus program (like Vaccine or
    GateKeeper) on all hard drives and boot diskettes.

3)  Examine every diskette a student brings into the lab to use on the
    computers.  It only takes a few seconds to scan a floppy disk and
    the user is usually happy to know that all of his/her disks are
    virus free.

4)  Continue to scan all hard drives and boot diskettes for viruses on
    a regular basis for a while (not all students think it is important
    that you check all of their diskettes).

5)  Distribute copies of an anti-virus program to the users.  Most ShareWare
    anti-virus programs are free and perform better than any commercial
    anti-virus programs that I have tested (my personal preferences are
    toward Disinfectant and Vaccine).

This should help keep your labs virus free.

Hope this helps,
--
Mike McCann       (803) 656-3714   Internet = mmccann@hubcap.clemson.edu
Poole Computer Center (Box P-21)       UUCP = gatech!hubcap!mmccann
Clemson University                   Bitnet = mmccann@clemson.bitnet
Clemson, S.C. 29634-2803         DISCLAIMER = I speak only for myself.

shull@scrolls.wharton.upenn.edu (Christopher E. Shull) (09/20/89)

In article <0001.8909191859.AA09184@ge.sei.cmu.edu> JOHN P. BRADLEY writes
that he has found the Macintosh Scores virus, and asks about how to proceed
with eradication and user education.

Since the Decision Sciences Department teaches the largest Mac-based
course at the University of Pennsylvania, we have taken the lead in
user education.  Who else on campus has a captive audience of >600
students each year?  :-) Our instructors encourage students to drop
Vaccine 1.1.1 into their system folders (explaining that it was like
practicing safe sex, but less intrusive).  We also taught them how to
use Disinfectant 1.2.  Although we resent having to take time from
teaching to cover this, the peace of mind of the students is well
worth the effort.  Furthermore, the hot-line and walk-in consulting
staff have many fewer problems since students are encouraged to pass
along the programs and the minimal knowledge required to use them.

If we didn't have a captive "seed" group, I would probably try to run
some special noon-time seminars on Mac virus detection, removal, and
prevention.

We are just now trying to get offices which have frequent contact with
student diskettes to go further than just protecting themselves, and
perform first tier advice to their "clients".  (In some cases, we are
still trying to get them to protect themselves -- one Mac II user I
worked with yesterday had 44 nVIR A and B infections on his hard disk,
and didn't have the foggiest idea!)

At the very least, the latest versions of the tools mentioned above,
plus GateKeeper (for sophisticated users) should be readily available
in a well publicized location.  (My teaching lab remains the only one
on campus. :-( )

Good luck,
-Chris

Christopher E. Shull                    shull@scrolls.wharton.upenn.edu
Decision Sciences Department            shull@wharton.upenn.edu
The Wharton School                      University of Pennsylvania
Philadelphia, PA  19104-6366            215/898-5930
---------------------------------------------------------------------------
"Damn the torpedoes!  Full speed ahead!"  Admiral Farragut, USN, 1801-1870
---------------------------------------------------------------------------

henry@att.att.com (09/21/89)

In article <0001.8909191859.AA09184@ge.sei.cmu.edu> JOHN P. BRADLEY writes:
>     Well it was bound to happen - why should we be any different?  We
>believe we have discovered a virus in our microcomputer lab.
>education of the users, hoping that this won't get out of hand.
	...[stuff deleted]...
>     Any ideas would be greatly appreciated.

John -
	The first thing I recommend is to pick up Disinfectant 1.2 by
John Norstad of Northwestern University.  It is available from a
number of places such as BBSs and Mac Users' Groups as well as FTP.
Read the documentation that comes with it, especially his
recommendations.  He explains the policy they use at Northwestern to
combat viruses.  This will allow you to find and remove existing
viruses.  Note that you should replace infected files with known clean
copies whenever possible, rather than disinfecting.  Use this on a
regular basis!

	To help prevent future infections, get a Virus prevention
INIT such as Vaccine, or GateKeeper.  Prevention INITs also come
with commercial packages as well.  Put a copy on every Startup disk
you can find.  Note this will not help in cases where users bring in
their own startup disks (like myself).

	It will definitely help to educate your users.  Might I
recommend (here comes the commercial :-) my HyperCard stack Virus
Encyclopedia.  It is available from the same places as Disinfectant
(I'm not sure about FTP, I'm working on that) and also BudgetBytes
and Educorp.

	I wish you success in fighting viruses.

			Henry C. Schmitt
			Author of Virus Encyclopedia
  H3nry C. Schmitt     | CompuServe: 72275,1456  (Rarely)
                       | GEnie: H.Schmitt  (Occasionally)
 Royal Inn of Yoruba   | UUCP: Henry@chinet.chi.il.us  (Best Bet)

BACHNER@FRCITI51.BITNET (09/06/90)

Does somebody have an idea how to manage with WDEF, a virus infecting
DESKTOP on MACs?

Lucien Bachner
Paris France.

Thank you