gutman@manta.nosc.mil (Lewis M. Gutman) (05/30/89)
I'm not sure I'm having a virus problem, but I wanted to check if anyone has had similar experiences.

After attending a virus seminar, I went back and checked my Mac II, and noticed that the System file had been modified earlier that day. I ran Interferon 3.1 and it showed a virus type 003 in my TOPS file. The Interferon documentation says that virus type 003 is the "SNEAKS" virus, and that this virus affects the INITs in the System folder. There are only 6 INITs in my System folder, one for each of the three TOPS files: TOPS, SOFTTALK, and SPOOL. EasyAccess has three INITs. I ran ResEdit over all the INITs and couldn't find any strings like "Evil Wizard," or anything else overtly suspicious.

Another symptom: I've been running Gatekeeper in Notify Only mode for the past month, and whenever I bring up the machine, it gives warnings for SPOOL and TOPS. I've ignored those messages, thinking that TOPS (and SPOOL) were just performing some misinterpreted, but legal operation.

Anyone having similar experiences? Am I infected?

Thanks.

Lew Gutman
Naval Ocean Systems Center
San Diego, Ca.
(619) 553-4958
<gutman@manta.nosc.mil>

dplatt@coherent.com (Dave Platt) (05/31/89)
> After attending a virus seminar, I went back and checked my Mac II,
> and noticed that the System file had been modified earlier that day.
> I ran Interferon 3.1 and it showed a virus type 003 in my TOPS file.
> The Interferon documentation says that virus type 003 is the "SNEAKS"
> virus, and that this virus affects the INITs in the System folder.
> There are only 6 INITs in my System folder, one for each of the three
> TOPS files: TOPS, SOFTTALK, and SPOOL. EasyAccess has three INITs. I
> ran ResEdit over all the INITs and couldn't find any strings like
> "Evil Wizard," or anything else overtly suspicious.

Interferon has a tendency to report "sneak" infections in some cases in which it should not. I believe that recent versions of TOPS trigger this alert.

I suggest that you download a copy of Disinfectant from the archives at SUMEX-AIM.Stanford.Edu and use it to scan your system. It is much less prone to false alarms, and will detect viruses that Interferon will miss.

> Another symptom: I've been running Gatekeeper in Notify Only mode for
> the past month, and whenever I bring up the machine, it gives warnings
> for SPOOL and TOPS. I've ignored those messages, thinking that TOPS
> (and SPOOL) were just performing some misinterpreted, but legal
> operation.

TOPS and a number of other useful INITs (e.g. the Moire screen-saver, the RAM Disk CDEV, etc.) tend to modify themselves. Open the Gatekeeper Control Panel window, flip the switch to "Settings", add these files to the applications/inits list (or select them, if they're already there) and then grant them "Res: self" permission. This will prevent the alerts from occurring when these INITs twiddle with their own resources, but it will prevent them from infecting other files if they are indeed virus-ridden.

> Anyone having similar experiences? Am I infected?

Yup. I don't believe so.

> Thanks.

You're welcome!

--
Dave Platt    FIDONET: Dave Platt on 1:204/444    VOICE: (415) 493-8805
UUCP: ...!{ames,sun,uunet}!coherent!dplatt    DOMAIN: dplatt@coherent.com
INTERNET: coherent!dplatt@ames.arpa, ...@uunet.uu.net
USNAIL: Coherent Thought Inc.  3350 West Bayshore #205  Palo Alto CA 94303