Xref: utzoo comp.sys.mac.apps:4385 comp.sys.mac.wanted:2872 Path: utzoo!news-server.csri.toronto.edu!cs.utexas.edu!usc!zaphod.mps.ohio-state.edu!uwm.edu!psuvax1!psuvm!gfx From: GFX@psuvm.psu.edu Newsgroups: bit.listserv.macvirus,comp.sys.mac.apps,comp.sys.mac.wanted Subject: My mac is infected -- what to do? Message-ID: <91064.094356GFX@psuvm.psu.edu> Date: 5 Mar 91 14:43:56 GMT Organization: Penn State University Lines: 40 My older son has tried a game on my machine. He installed his own system file on my hard drive and restarted the mac, thus defeating Gatekeeper and GK Aid. Here are a few facts: o the virus interacts with Gatekeeper aid. If I do not put GK Aid on my drive, there are very few sides effects, so far. IF GK Aid is in, I'll get the "Desktop needs to be rebuilt" message each time I boot, or re-enters the Finder. o the virus is undetectable by Disinfectant 2.4 . I get, however several warnings of either kind: (a) "the resource fork is damaged or in an unknown format..."; (b) "not enough memory to check." 10 files trigger either message. o Gatekeeper doesn't appear to notice anything o For at least one application (Disinfectant), I cannot change the application size in the Get Info window. When I close the window I get an error [-199] Other applications are unaffected. o If I use MacSnoop or resEdit to look into the desktop, I get an error [-49] and a message tells me that the file is already opened with write permission o If GK Aid is in my system folder and I rebuild the desktop, trying to look into the desktop is likely to crash my machine. o If GK Aid is in my system, at least three applications are useless -- I get error [-199] if I doubleclick or otherwise activate them. I'd appreciate any help in getting rid of this thing, or advice in how to manage the infection. My back-up files appear to have been infected. I do not fear much for the applications, but some documents are very important. I use a IIci 8/105 (Rodime's Cobra) with 6.1.5 / 6.0.5 Thanks, Stephane