Xref: utzoo comp.sys.mac.apps:4446 comp.sys.mac.wanted:2902
Path: utzoo!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!zaphod.mps.ohio-state.edu!rpi!uupsi!sunic!news.funet.fi!funic!santra!santra!pandy
From: pandy@vipunen.hut.fi (Pandy Holmberg)
Newsgroups: bit.listserv.macvirus,comp.sys.mac.apps,comp.sys.mac.wanted
Subject: Re: My mac is infected -- what to do?
Message-ID:
Date: 7 Mar 91 19:05:52 GMT
References: <91064.094356GFX@psuvm.psu.edu>
Sender: news@santra.uucp (Cnews - USENET news system)
Organization: Helsinki University of Technology, Finland
Lines: 72
In-Reply-To: GFX@psuvm.psu.edu's message of 5 Mar 91 14:43:56 GMT

In article <91064.094356GFX@psuvm.psu.edu> GFX@psuvm.psu.edu writes:

> o the virus interacts with Gatekeeper aid. If I do not put GK Aid on my
>   drive, there are very few side effects, so far. If GK Aid is in, I'll
>   get the "Desktop needs to be rebuilt" message each time I boot, or
>   re-enter the Finder.
>
> o the virus is undetectable by Disinfectant 2.4. I get, however, several
>   warnings of either kind: (a) "the resource fork is damaged or in an
>   unknown format..."; (b) "not enough memory to check." 10 files trigger
>   either message.
>
> o Gatekeeper doesn't appear to notice anything

What do you mean by this?? GateKeeper is only supposed to veto any editing attempts made on files you have told it to do so with.

> o For at least one application (Disinfectant), I cannot change the
>   application size in the Get Info window. When I close the window I get
>   an error [-199]. Other applications are unaffected.

This is normal. You are not supposed to be able to change the size of Disinfectant for obvious reasons.

> o If I use MacSnoop or ResEdit to look into the desktop, I get an error
>   [-49] and a message tells me that the file is already opened with write
>   permission

The desktop file is always busy. (I might be mistaken. Could be that it isn't under Finder.)

> o If GK Aid is in my system folder and I rebuild the desktop, trying to
>   look into the desktop is likely to crash my machine.
>
> o If GK Aid is in my system, at least three applications are useless -- I
>   get error [-199] if I doubleclick or otherwise activate them.
>
> I'd appreciate any help in getting rid of this thing, or advice in how to
> manage the infection. My back-up files appear to have been infected. I do
> not fear much for the applications, but some documents are very important.
>
> I use a IIci 8/105 (Rodime's Cobra) with 6.1.5 / 6.0.5
>
> Thanks,
> Stephane

I don't think the main problem is a virus here. I would start by removing the system, finder & multifinder files and replace them with uninfected backup copies (preferably with system 6.0.7.). After that I would disinfect all floppies (preferably on another "clean" Mac) and the hard disk.

Error -199 means "Map inconsistent with operation". This means that the data in some of your files OR the directory information might have been damaged. If this is the case you'll have to recover all possible files using some disk aid tool, e.g. DiskAid or 1st Aid, copy them to floppies and initialize your hard disk.

-- Tsaukki says Pandy --

"If you make people think they're thinking, they'll love you; but if you really make them think they'll hate you."

*******************************************************************************
   /! !   Andreas "Pandy" Holmberg              pandy@hut.fi
  /_!_!   Helsinki University of Technology     pandy@spiff.hut.fi
 /  ! !   Faculty of Electrical Engineering     pandy@otax.hut.fi
/   ! !                                         s37775d@taltta.hut.fi
*******************************************************************************