aslakson@cs.umn.edu (Brian Aslakson) (11/03/90)
clouds@ccwf.cc.utexas.edu (Kathy Strong) writes: >In article <...> wiseman@tellabs.com (Jeff Wiseman) writes: >>was this init that we had installed for a while that put a picture of Garfield >>the cat by a garbage can saying "I hate IBM" on the screen (in color) at >>startup. I think the name of the init was "color garfield" or something like >Garfield is definitely a virus--I believe it's a variant of WDEF. The *most* >recent version of Disinfectant should kill it. Unfortunately, I can't tell >you what version number that is--they update it so quickly and so often. Just because a program (init, etc) has a name with Garfield in it doesn't make it a virus. OKAY? In fact, a virus doesn't come AS an application (that's a trojan horse) but attached TO an application. I suppose a trojan horse could launch a virus, but I haven't heard of this happening. Garfield is another name for the MDEF-A (so far there are A, B, and C versions known) virus. The latest Disinfectant catches the C version (and the author of the virus has been caught. I want his name and address.) MDEF is a normal type of resource, so don't worry if you see such a thing while poking around with utilities. Disinfect is currently at 2.3 unless something has been posted in the last 2 hours. Gatekeeper is currently at 1.1.1, and Gatekeeper Aid at 1.0.2. I would like to find that Garfield init. Any leads? -- Brian Aslakson aslakson@cs.umn.edu mac-admin@cs.umn.edu <-= Macintosh related
clouds@ccwf.cc.utexas.edu (Kathy Strong) (11/05/90)
In article <1990Nov3.080223.17090@cs.umn.edu> aslakson@cs.umn.edu (Brian Aslakson) writes: > >Just because a program (init, etc) has a name with Garfield in it doesn't >make it a virus. OKAY? > Certainly, okay. BUT... the only time I have ever encountered the Garfield VIRUS, it was attached to the Garfield INIT. I've never seen the init without the virus, and I've never seen the virus without the init. My assumption (perhaps wrong, but not unreasonable) was that the virus was being distributed via the init. Hence, my advice to the original poster to get rid of it. Brian also points out that Garfield is MDEF-A, not a WDEF variant, as I had guessed (from memory--my mistake!); and that the current version of Disinfectant is indeed 2.3. Heh, well, that's the version I have, but I was being cautious--I didn't KNOW, so I didn't want to SAY. :-) So, three morals to this story, I guess: * It's unwise to rely entirely on memory for informative postings. * A posting that seems to be mistaken may have some reason behind it after all. * It would be smart to check the Garfield init BEFORE putting it on your system. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Kathy Strong : "Welcome to FUBAR Corp., where there's (Clouds moving slowly) : never enough time to do a job right, clouds@ccwf.cc.utexas.edu : but always enough time to do it over."
wiseman@tellabs.com (Jeff Wiseman) (11/06/90)
In article <39130@ut-emx.uucp> clouds@ccwf.cc.utexas.edu (Kathy Strong) writes: >In article <1990Nov3.080223.17090@cs.umn.edu> aslakson@cs.umn.edu (Brian >Aslakson) writes: >> >>Just because a program (init, etc) has a name with Garfield in it doesn't >>make it a virus. OKAY? >> >Certainly, okay. BUT... the only time I have ever encountered the Garfield >VIRUS, it was attached to the Garfield INIT. I've never seen the init without >the virus, and I've never seen the virus without the init. My assumption I was the original poster. unfortunatly, I have checked the system with disinfectant 2.3 and found nothing. Obviously and "piece" of this init is still around somewhere or it would not be showing up in the file types in my folders. Any idea where this is coming from? -- Jeff Wiseman: ....uunet!tellab5!wiseman OR wiseman@TELLABS.COM
Sundar_Prasad@mtsg.ubc.ca (Sundar) (11/06/90)
clouds@ccwf.cc.utexas.edu (Kathy Strong) writes: > '...Certainly, okay. BUT... the only time I have ever encountered the > Garfield VIRUS, it was attached to the Garfield INIT. I've never seen the > init without the virus, and I've never seen the virus without the init.....' We've been using that 'I hate IBM' Garfield startup screen (do they classify as INITS too ?) for more than a year now, and Disinfectant (v. 2.3 included) has NEVER found any problems. Sundar_Prasad@mtsg.ubc.ca <Internet> userffa3@ubcmtsg <Bitnet> Civil Engineering UBC, Vancouver V6T 1W5 CANADA