GFX@psuvm.psu.edu (03/05/91)
My older son has tried a game on my machine. He installed his own system file on my hard drive and restarted the Mac, thus defeating Gatekeeper and GK Aid. Here are a few facts:

o the virus interacts with Gatekeeper Aid. If I do not put GK Aid on my drive, there are very few side effects, so far. If GK Aid is in, I'll get the "Desktop needs to be rebuilt" message each time I boot, or re-enter the Finder.

o the virus is undetectable by Disinfectant 2.4. I get, however, several warnings of either kind: (a) "the resource fork is damaged or in an unknown format..."; (b) "not enough memory to check." 10 files trigger either message.

o Gatekeeper doesn't appear to notice anything.

o For at least one application (Disinfectant), I cannot change the application size in the Get Info window. When I close the window I get an error [-199]. Other applications are unaffected.

o If I use MacSnoop or ResEdit to look into the desktop, I get an error [-49] and a message tells me that the file is already opened with write permission.

o If GK Aid is in my system folder and I rebuild the desktop, trying to look into the desktop is likely to crash my machine.

o If GK Aid is in my system, at least three applications are useless -- I get error [-199] if I doubleclick or otherwise activate them.

I'd appreciate any help in getting rid of this thing, or advice in how to manage the infection. My back-up files appear to have been infected. I do not fear much for the applications, but some documents are very important.

I use a IIci 8/105 (Rodime's Cobra) with 6.1.5 / 6.0.5

Thanks,
Stephane
levin@BBN.COM (Joel B Levin) (03/06/91)
In article <91064.094356GFX@psuvm.psu.edu> you write:
| o the virus interacts with Gatekeeper Aid. If I do not put GK Aid
|   on my drive, there are very few side effects, so far. If GK Aid
|   is in, I'll get the "Desktop needs to be rebuilt" message each
|   time I boot, or re-enter the Finder.
|
| o the virus is undetectable by Disinfectant 2.4. I get, however,
|   several warnings of either kind: (a) "the resource fork is
|   damaged or in an unknown format..."; (b) "not enough memory to
|   check." 10 files trigger either message.
|
| o For at least one application (Disinfectant), I cannot change the
|   application size in the Get Info window. When I close the window
|   I get an error [-199]. Other applications are unaffected.
|
| o If I use MacSnoop or ResEdit to look into the desktop, I get an
|   error [-49] and a message tells me that the file is already
|   opened with write permission

These problems indicate that the first thing you have to do is reboot WITHOUT Multifinder. Then you can look at the desktop; then Disinfectant can run properly (and you may need to capture a fresh copy, if it detects problems within itself).

Scanning and especially disinfecting under Multifinder leads to questionable results, in any case. See the instructions in Disinfectant's help window.

/JBL
==
Nets: levin@bbn.com      | "How does a mouse let me move the cursor anywhere
 or {...}!bbn!levin      |  I want?"  "What are address busses?"  "How do
pots: (617)873-3463      |  icons work?"  --Time-Life Books
pandy@vipunen.hut.fi (Pandy Holmberg) (03/08/91)
In article <91064.094356GFX@psuvm.psu.edu> GFX@psuvm.psu.edu writes:
| o the virus interacts with Gatekeeper Aid. If I do not put GK Aid
|   on my drive, there are very few side effects, so far. If GK Aid
|   is in, I'll get the "Desktop needs to be rebuilt" message each
|   time I boot, or re-enter the Finder.
| o the virus is undetectable by Disinfectant 2.4. I get, however,
|   several warnings of either kind: (a) "the resource fork is
|   damaged or in an unknown format..."; (b) "not enough memory to
|   check." 10 files trigger either message.
| o Gatekeeper doesn't appear to notice anything

What do you mean by this?? GateKeeper is only supposed to veto any editing
attempts made on files you have told it to do so with.

| o For at least one application (Disinfectant), I cannot change the
|   application size in the Get Info window. When I close the window
|   I get an error [-199]. Other applications are unaffected.

This is normal. You are not supposed to be able to change the size of
Disinfectant for obvious reasons.

| o If I use MacSnoop or ResEdit to look into the desktop, I get an
|   error [-49] and a message tells me that the file is already
|   opened with write permission

The desktop file is always busy. (I might be mistaken. Could be that it
isn't under Finder.)

| o If GK Aid is in my system folder and I rebuild the desktop,
|   trying to look into the desktop is likely to crash my machine.
| o If GK Aid is in my system, at least three applications are
|   useless -- I get error [-199] if I doubleclick or otherwise
|   activate them.
| I'd appreciate any help in getting rid of this thing, or advice in how to
| manage the infection. My back-up files appear to have been infected. I do
| not fear much for the applications, but some documents are very important.
| I use a IIci 8/105 (Rodime's Cobra) with 6.1.5 / 6.0.5
| Thanks,
| Stephane

I don't think the main problem is a virus here. I would start by removing the
system, finder & multifinder files and replace them with uninfected backup
copies (preferably with system 6.0.7.). After that I would disinfect all
floppies (preferably on another "clean" Mac) and the hard disk.
Error -199 means "Map inconsistent with operation". This means that the
data in some of your files OR the directory information might have been
damaged. If this is the case you'll have to recover all possible files
using some disk aid tool, e.g. DiskAid or 1st Aid, copy them to floppies
and initialize your hard disk.
--
Tsaukki says
Pandy
--
"If you make people think they're thinking, they'll love you; but if you
really make them think they'll hate you."
*******************************************************************************
/! ! Andreas "Pandy" Holmberg pandy@hut.fi
/_!_! Helsinki University of Technology pandy@spiff.hut.fi
/ ! ! Faculty of Electrical Engineering pandy@otax.hut.fi
/ ! ! s37775d@taltta.hut.fi
*******************************************************************************
st891456@pip.cc.brandeis.edu (Phil Marden) (03/08/91)
You should probably send e-mail to the author of Disinfectant at Northwestern. I believe the address is in the "about" box.