Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!know!zaphod.mps.ohio-state.edu!swrinde!ucsd!pacbell.com!decwrl!hayes.fai.alaska.edu!accuvax.nwu.edu!acns.nwu.edu!jln
From: jln@acns.nwu.edu (John Norstad)
Newsgroups: comp.sys.mac.system
Subject: Re: Question about WDEF-A and Disinfectant (2.0) Init
Message-ID: <10266@accuvax.nwu.edu>
Date: 31 Jul 90 20:46:32 GMT
References: <1990Jul31.171614.2042@phri.nyu.edu>
Sender: news@accuvax.nwu.edu
Organization: Northwestern University
Lines: 27

In article <1990Jul31.171614.2042@phri.nyu.edu> roy@alanine.phri.nyu.edu 
(Roy Smith) writes:
>  Somebody just brought me a floppy (800k, I think) that she
> claims was infected by one of the Disinfectant protected public machines.
> When I put the floppy in my machine, Disinfectant Init didn't catch it, 
but
> when I scanned it with Disinfectant 2.0 (the application), it did indeed
> say it was infected with WDEF-A.

Disinfectant does not attempt to scan floppies when they are inserted.  It 
instead catches viruses at the point of initial attack.  Simply inserting 
a WDEF-A infected floppy will not wake up the Disinfectant INIT.  You must 
open the floppy's main Finder window or do something else to cause the 
virus to attack your system.  At this point the INIT will detect the 
virus, temporarily neutralize it, and inform the user.

It's a common misconception that the WDEF virus attacks immediately when 
an infected floppy is inserted in a drive.  This is not true.

If the original Mac was indeed protected by the Disinfectant INIT, then I 
doubt very much that the user's floppy was infected by that Mac.  Did you 
check the original Mac to see if it was in fact infected?

John Norstad
Academic Computing and Network Services
Northwestern University
jln@acns.nwu.edu