Path: utzoo!mnetor!uunet!husc6!cmcl2!nrl-cmf!ames!ucsd!sdcsvax!net1!borton From: borton@net1.ucsd.edu (Chris Borton) Newsgroups: comp.sys.mac Subject: I've got a virus and I don't like it Message-ID: <4731@sdcsvax.UCSD.EDU> Date: 8 Mar 88 02:04:12 GMT Sender: nobody@sdcsvax.UCSD.EDU Reply-To: borton@net1.UUCP (Chris Borton) Organization: UCSD Network Operations Group Lines: 36 Keywords: virus This is a warning and plea for more information, if anyone has any. We just discovered a virus in some of our systems (not all) at work today, and it has permeated my system at home as well. The symptoms are simple: INIT 32 in System File nVIR resources in various applications and the System File. This sucker is tricky -- it is getting itself loaded before any INITs do (we believe the INIT 32 is just a teaser), like PTCHs do, but it isn't in PTCH. Our two best programmers spent today tracing through it and still haven't found a real solution other than offloading and re-initializing. To our knowledge it is non-malicious (yet). The nVIR resources are usually small, sometimes 8 bytes, sometimes ~360. If you remove them from both System and ResEdit, the virus won't let you run ResEdit because it is looking for those resources and can't find them. It occasionally beeps when running a program. We have no idea what installed this. We are fairly certain it originated from one of the many small programs that come over the net. Many of these would be perfect 'carriers' -- little demo program that's an "aww, that cute, now let's trash it." I'm not putting down these programs, just pointing out what I feel is obvious. I don't believe this is any cause for panic -- it hasn't done any known harm yet. I would, however, like to get to the bottom of this! If it's a joke, I don't find it very funny. (unless it de-installs itself completely after April Fool's Day :-)). If it is someone's graduate thesis, you get an A-. But enough is enough! -cbb Chris "Johann" Borton, UC San Diego ...!sdcsvax!borton borton@ucsd.edu or BORTON@UCSD.BITNET Letztes Jahr in Deutschland, nog een jaar hier, en dan naar Amsterdam! "H = F cubed. Happiness = Food, Fun, & Friends." --Steve Wozniak