[comp.virus] Self-modifying applications

) (11/22/89)

In issue #246, Joel Glickman writes...

>From:    joel_glickman@MTS.RPI.EDU
>Subject: Potential Virus? (Mac)
>I have just recently noticed a problem on my Mac. After using Cricket
>Graph I checked the last modified date and the program had just been
>modified.  After noting this, I began checking other programs and
>found that my copy of Versaterm Pro was also being modified every time
>I ran it. It was at that point that I checked these programs on other
>people's Macs in the office and saw that these programs were not being
>modified on some, while they were being modified on others. I am
>running Gatekeeper and Vaccine and have checked these programs with
>Disinfectant and they report no trouble.
>My question is: Should these programs modify themselves when I just
>run them?  All I do is run them and quit immediately and they are
>modified??? Do you think I have a virus problem???
>Joel Glickman
>Rensselaer Polytechnic Institute.

Some programs DO modify themselves while running; the important thing
to remember is that these modifications are usually made to the data
fork of the application.  Most virus detectors look only for attempts
to write to resource forks.  (I don't know about Gatekeeper, perhaps
its author could let us know?)  It still seems strange that other
people were not experiencing the same problems as you, but that
doesn't necessarily mean a virus.  To quote Douglas Adams "DON'T
PANIC", as many others do.  Here are some things you can check:

        1.      The other people you are working with may have locked their
                copies of CG or Versaterm Pro, preventing them from being
                modified.

        2.      Make sure Vaccine is running; look in your control panel and
                see that the protection is turned on.  (Incidentally, when you
                alter the preferences for Vaccine, the size of the file
                changes, since Vaccine has no "preferences" file.)

        3.      Try replacing your Cricket Graph with someone else's; see if
                the problem persists.  Likewise for Pro.

        4.      Try reinstalling your system; use the same release as those
                coworkers of yours who are not experiencing this phenomenon.
                Again, see if the problem persists.

        These are just ideas, they're not carved in stone, but they may
provide some insights...  good luck!

                                        -- Chuck Seggelin
                                           Academic Computing Services
                                           SMU
ACSCDS@SEMASSU.BITNET           "Opinions expressed are MINE alone!!!!"
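
Added example, not part of the original post: a small Python check that snapshots an application before and after a run and reports whether the data fork, the resource fork, or only the modification date changed, which is the distinction the reply draws. It assumes the resource fork is readable at `<file>/..namedfork/rsrc`, as on current macOS; the function names and the sample file are constructed for illustration.

```python
import hashlib
import os
import tempfile

def _digest(path):
    """SHA-256 of a file, or None if it is missing or unreadable."""
    try:
        with open(path, "rb") as fh:
            return hashlib.sha256(fh.read()).hexdigest()
    except OSError:
        return None

def snapshot(app_path):
    """Record the modification time plus a digest of each fork."""
    # Assumption: macOS exposes the resource fork at <file>/..namedfork/rsrc.
    # On other systems that path does not exist and the digest is None.
    return {
        "mtime": os.stat(app_path).st_mtime_ns,
        "data": _digest(app_path),
        "rsrc": _digest(os.path.join(app_path, "..namedfork", "rsrc")),
    }

def classify(before, after):
    """Name the part of the file that differs between two snapshots."""
    changed = [k for k in ("data", "rsrc") if before[k] != after[k]]
    if not changed:
        return "touched-only" if before["mtime"] != after["mtime"] else "unchanged"
    return "+".join(changed)

def demo():
    """Constructed stand-in for an application that saves settings into itself."""
    with tempfile.TemporaryDirectory() as d:
        app = os.path.join(d, "SampleApp")
        with open(app, "wb") as fh:
            fh.write(b"CODE" + b"prefs=default")
        before = snapshot(app)
        with open(app, "ab") as fh:      # the "app" rewrites its own data fork
            fh.write(b";window=80x24")
        after_write = snapshot(app)
        os.utime(app, ns=(0, 1))         # date changes, content does not
        after_touch = snapshot(app)
        return classify(before, after_write), classify(after_write, after_touch)

if __name__ == "__main__":
    print(demo())
```

Run `snapshot()` on the real application before launching it and again after quitting, then pass both results to `classify()`; a result of `rsrc` or `data+rsrc` is the kind of change the resource-fork monitors mentioned above are meant to catch.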