Path: utzoo!utgpu!attcan!uunet!husc6!mailrus!cwjcc!hal!nic.MR.NET!gonzo.eta.com!zeke
From: zeke@gonzo.eta.com (Robert Scott)
Newsgroups: comp.sys.mac
Subject: New Mac Virus?
Keywords: virus, virus, and virus?
Message-ID: <819@nic.MR.NET>
Date: 4 Nov 88 04:14:26 GMT
Sender: news@nic.MR.NET
Organization: ETA Systems, Inc., St Paul, MN
Lines: 50

Ouch!  I think my machine has been infected by a virus, but
it doesn't match the description of any I know about.
Interferon reports that there isn't any virus that it knows
about present, but it reports anomoly 103 on several system
files (the ones I suspect may be infected by other evidence
given below).  Anomoly 103 isn't listed in the Interferon
documentation, so question 1 is: does anybody know what
anomoly 103 is?

The symptoms are rather innocuous, but then again aren't almost
all virus (viruses, viri, virium?) seemingly so?
  Symptom 1: In the system folder, the System, Finder,
    Multifinder, Scrapbook, and Clipboard files all have
    different icons than standard.  They all appear similar
    to the uninfected icons, but the disk drive has the little
    open space on the right (which the normal icons dont) and
    there appears to be some kind of objects where the screen
    should be (looks almost like some books of various heights).
  Symptom 2: When switching from Multifinder to Finder, via
    resetting the startup option and issuing the "restart" menu
    command, the machine always hangs right after the "Welcome
    to Macintosh" message appears, and right before the Vaccine
    icon appears in the lower left corner.  I have to power down
    or hit the restart button to get it going again, then it loads
    just fine.
  Symptom 3: Just for jollies, I rebuilt the desktop on my disk.
    When this completed, the icons for the Finder and the Clipboard
    file changed to a blank document page icon.  The other system
    files described above still have the strange icons.

There are extenuating circumstances here that point to the
possibility that my newly repaired hard disk may have come from
the factory repair shop with the virus already in the system file.
When it returned from repair, it was loaded with the System 4.2,
Finder 6.0 set, but all seemed well at the time.

If anybody recognizes this virus, or has any clues as to how
to proceed to track it down further (I can make my way around
reasonably with Resedit and Macsnoop), please post here or
respond by email.

P.S. Vote Bill D. Catt for President.

%%%%%%%%%%%%%%%%%%%%%%%%% From the Final Frontier %%%%%%%%%%%%%%%%%%%%%%%%%
These are my opinions, of course.  Why the hell would my company want them?

Robert K. "Zeke" Scott    internet:  zeke@wilbur.sunfun.eta.com
ETA Systems, Inc. ETC03J  uucp:      {amdahl,rutgers}!bungia!eta!sunfun!zeke
1450 Energy Park Drive    fax:       (612) 642-3448
St. Paul, MN  55108       voice:     (612) 642-3493