jap2_ss@uhura.cc.rochester.edu (Joseph Poutre) (10/03/89)
Here is a further report on the possible virus at the U of R. The student consultants at the University computing center made copies of programs they believed infected and sent them to our computer center. I had an infected copy of Macwrite 5.01 for a while., where I discovered the added STR and the changed ICN. I have had reports of Macwrite II being attacked, but the info I have is inconplete. I am still trying to get another infected program, but I am never around when an infected disk is found. When I get one those that requested a copy will be sent one via email, if it works. The infected System on the consultants' hard drive is 6.0.2, and the only symptom it has shown so far is the "Last Modified" date and time change at irregular intervals, including this morning. I was able to induce a change by repeatedly doing a Get Info on the system. The virus probably found its way onto the disk when a consultant put recovered files from a disk showing what may be sysmptoms of the virus onto the hard drive. Vaccine is installed in teh System folder, and did nothing. The system also has NVIR immunity. The applications known to be attacked, so far, are Macwrite 5.01, Macwrite II, the System and its associated files. All of them, even the clipboard. I just watched to Last Modified date change on Laserwriter change during a copy. (Needless to say the consultants are working on replacing and File Locking everything. This appears to protect against the virus.) I will obtain copies of the infected stuff and try to do some comparisons using Resedit. To repeat, Disinfectant 1.2 has no effect, and Vaccine does not protect against it, at least from infecting within a disk. I plan to spend today working with infected and non-infected programs, and report my findings, and those of the others working on tis problem. Joseph Poutre (The Mad Mathematician) jap2_ss@uhura.cc.rochester.edu Understand the power of a single action. (R.E.M.)