Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!uwm.edu!zaphod.mps.ohio-state.edu!ub!uhura.cc.rochester.edu!rochester!udel!haven!adm!cmcl2!lanl!rbc
From: rbc@lanl.gov (Robert B. Calhoun)
Newsgroups: comp.sys.mac.misc,lanl.mac
Subject: A possible new virus.
Keywords: mac virus Virex 2.7
Message-ID: <60814@lanl.gov>
Date: 22 Aug 90 15:21:50 GMT
Distribution: na
Organization: Los Alamos Natl Lab, Los Alamos, N.M.
Lines: 52

I suspect that my Mac II is infected with a new virus. I have tried cleaning it with Virex 2.7, which removed a WDEF virus from the desktop but this fails to stop the problem. Symptoms are as follows:

Files disappear from the finder display, but don't actually seem to be gone. I can't access them, but an attempt to copy a file with the same name as a deleted file gives a "duplicate file name" error. No disk space has been freed up.

The attack is concentrated on the system folder and the utilities folder, with little damage elsewhere. Documents don't seem to be affected much but applications, cdevs, and inits are. Files seem to disappear in reverse alphabetical order.

The computer hasn't had any hardware problems that I know of, so I suspect a virus. Virex 2.7 doesn't see it; I think it may be possible that I have a virus designed to avoid detection by Virex. A Virex scan turns up nothing after the first removal of WDEF virus, and "record/scan" option picked up nothing unusual...except that the last run said

    The following files were removed from the "Record/Scan" file.
    Finder
    !DeskPict
    Appleshare
    Laserwriter
    etc.

Although the system file and finder are gone, the computer boots ok. It is as if files are deleted on a high level but still exist at a very low level so that the mac can still start itself. (I can still print, without a Laserwriter file).

At this point I'm pretty tempted to re-initialize the disk. Has anyone experienced something like this before? If it is a virus, it is a pretty damn nasty one.

Possible sources: many people use this computer so there are many possible sources of contamination. I'm not trying to incriminate any applications, but I downloaded the following things from the info-mac archives at sumex-aim, stanford.

    giffer 1.06
    dT calculator (DA)
    several gif files (apollo,astronaut,monument valley)
    programmer's key init
    dinosaurs hypercard stack
    nuke snake (a game)
    binhex 4.0
    lunar lander (a game)
    some gif package which included giffer 1.0 and documentation.

I think that is it, but I can't really look back and see anymore! :-(

Any advice would be appreciated.

Thanks,
Robert Calhoun