Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!csd4.csd.uwm.edu!srcsip!jhereg!andrew
From: andrew@jhereg.Minnetech.MN.ORG (Andrew Esh)
Newsgroups: comp.sys.mac
Subject: VIRUS OUTBREAK in MAC BINARIES!
Summary: I found an infection after downloading
Message-ID: <107@jhereg.Minnetech.MN.ORG>
Date: 1 Sep 89 15:10:30 GMT
References: <20982.24F8D5E1@cmhgate.FIDONET.ORG> <697@anagld.UUCP> <123914@sun.Eng.Sun.COM> <945@mrsvr.UUCP>
Reply-To: andrew@jhereg.Minnetech.MN.ORG (Andrew Esh)
Organization: Minnetech Consulting, Inc., Mpls, MN
Lines: 21


	After downloading a number of files and playing aournd with them,
I started MandelZot.  It put up a dialog saying that the 'Safety Seal' had
been broken, and that there was a possible viral infection.  "Disinfectant"
showed me that there was a medium sized infection on my hard disk, starting
with the Finder.  It occurred on the same day I downloaded from mac.binaries,
and I don't think I ran any other software.
	I re-downloaded a few files and ran them, scanning for viri in between
run, but was unable to determine which file it is.  The virus is nVIR A, and
can be easily cleaned up with the normal tools.  I already checked Truchet,
Tile, Oliver's Buttons, Sphere Demo, Menu Madness, and the Converter DA.
The virus may still be hidden in those somewhere, triggering later than
my test check took.
	The interesting thing about all of this is the MandelZot app with it's
'Safety Seal' that detects infections.  Could the author of that code kindly
post it so it can be incorporated into more applications?  Usually my defenses
are in better shape, so normally this wouldn't have infected my disk, but
it was nice to receive a little extra help from an unexpected source.  Thanks,
MandelZot, and please post.

						- Andrew