Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: XRJDM@SCFVM.GSFC.NASA.GOV (Joe McMahon)
Newsgroups: comp.virus
Subject: Re: Possible hypercard virus? (Mac)
Message-ID: <0016.9104111306.AA01727@ubu.cert.sei.cmu.edu>
Date: 10 Apr 91 21:35:33 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 23
Approved: krvw@sei.cmu.edu

>I'm hoping someone out there can help me.  I have a user (I'm a
>consultant) who thinks he may have a virus.  When he is using
>HyperCard 1.2.5 with a stack that is 300-400 K in size (it is just one
>specific stack) he is getting a lot of bombs.  When he tries to script
>a new card for the stack he gets a bomb at various times as follows:
>        As soon as he starts scripting
>        When he tries to end the scripting

THis sounds more like a corrupted stack than a virus. Your user may
want to (okay, *need* to) copy the old cards into a new stack. There's
a stack called "Cheesy Recovery" on sumex (I think) that should do the
job.

>Is it possible for a virus, trojan, worm, etc. to infect a hard disk
>or RAM simply by inserting an infected floppy into a drive without
>execution??

Yes. There are several Mac viruses which take advantage of a feature
in the operating systenm which allows you to substitute your own code
for system code. The substitute code spreads via a resource file which
the Finder always opens when a disk is inserted.

 --- Joe M.