Path: utzoo!attcan!uunet!tank!ncar!unmvax!pprg.unm.edu!hc!ames!elroy!mahendo!wlbr!hacgate!ashtate!dbase!cy
From: cy@dbase.UUCP (Cy Shuster)
Newsgroups: comp.sys.mac
Subject: Re: Transfers and Viruses
Keywords: virus transfer
Message-ID: <479@dbase.UUCP>
Date: 21 Nov 88 19:43:39 GMT
References: <76699@sun.uucp> <206@internal.Apple.COM> <6127@netnews.upenn.edu> <219@internal.Apple.COM> <577@poseidon.ATT.COM> <17975@shemp.CS.UCLA.EDU> <17991@shemp.CS.UCLA.EDU> <17119@agate.BERKELEY.EDU> <1006@ccnysci.UUCP>
Reply-To: cy@dbase.UUCP (Cy Shuster)
Distribution: comp.sys.mac
Organization: Ashton Tate Devlopment Center Glendale, Calif.
Lines: 22

In article <17119@agate.BERKELEY.EDU> c60a-3ez@web-3f.berkeley.edu (Cyrus Harmon) writes:
>I am a programmer for a lab in San Francisco and we obtained a
>60 Meg tape backup from CMS. The thing works fine but the problem is
>that our system somehow became infected with Scores. [...] So, it appears that
>since I just copied the tape backup program onto our hard disk and didn't
>use the floppy for much of anything, CMS is the source of the
>virus.

Unfortunately, we discovered nVIR in CMS's disk formatting software
recently as well. Not only is a locked disk from a vendor the last place
you'd think to look, but in cleaning up after a virus many people go back
to format their disk!

It's easy to spot, though: ResEdit will show the nVIR resource if their
program is infected. And, it did no damage that we can see: it looks like
it was designed to call Macintalk and say "Don't Panic" every 1,000th
invocation. Call CMS if you need a fresh copy of the formatting software.

It's the worst nightmare of those of us sending out commercial releases,
so we continue to take every precaution. Remember, if you boot from a
floppy, you've got no Vaccine running! (unless you installed it there, too).

--Cy--
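
The ResEdit check mentioned in the post, sketched as an added example that is not part of the original message: it walks the type list of a classic Mac OS resource fork and reports whether an `nVIR` resource type is present. It assumes the fork's raw bytes have already been extracted; `resource_types`, `suspicious` and `build_fork` are hypothetical names, and the sample forks are constructed inline.

```python
import struct

SUSPECT_TYPES = {b"nVIR"}  # the resource type the post says ResEdit will show

def resource_types(fork: bytes) -> dict:
    """Return {type: count} from the type list of a classic Mac OS resource fork."""
    if len(fork) < 16:
        raise ValueError("too short for a resource fork header")
    _data_off, map_off, _data_len, map_len = struct.unpack(">IIII", fork[:16])
    if map_len < 30 or map_off + map_len > len(fork):
        raise ValueError("resource map lies outside the file")
    rmap = fork[map_off:map_off + map_len]
    # Map layout: 16-byte header copy, 4-byte handle, 2-byte file ref, 2-byte
    # attributes, then 2-byte offsets (from map start) to type and name lists.
    (type_off,) = struct.unpack(">H", rmap[24:26])
    if type_off + 2 > len(rmap):
        raise ValueError("type list lies outside the map")
    (count_m1,) = struct.unpack(">H", rmap[type_off:type_off + 2])
    found = {}
    for i in range((count_m1 + 1) & 0xFFFF):  # 0xFFFF encodes an empty list
        entry = rmap[type_off + 2 + 8 * i:type_off + 10 + 8 * i]
        if len(entry) < 8:
            raise ValueError("truncated type list")
        rtype, n_m1, _ref_off = struct.unpack(">4sHH", entry)
        found[rtype] = n_m1 + 1
    return found

def suspicious(fork: bytes) -> list:  # suspect types present, as text
    return sorted(t.decode("mac_roman") for t in resource_types(fork) if t in SUSPECT_TYPES)

def build_fork(resources) -> bytes:
    """Constructed sample input: resources is [(type, id, data), ...]."""
    data, refs = b"", {}
    for rtype, rid, body in resources:
        # Reference entry: id, name offset (-1 = none), attrs + 3-byte data offset, handle.
        refs.setdefault(rtype, []).append(struct.pack(">hhII", rid, -1, len(data), 0))
        data += struct.pack(">I", len(body)) + body
    tlist, rlists = struct.pack(">H", (len(refs) - 1) & 0xFFFF), b""
    for rtype, rl in refs.items():
        tlist += struct.pack(">4sHH", rtype, len(rl) - 1, 2 + 8 * len(refs) + len(rlists))
        rlists += b"".join(rl)
    map_len = 28 + len(tlist) + len(rlists)
    header = struct.pack(">IIII", 256, 256 + len(data), len(data), map_len)
    rmap = header + bytes(8) + struct.pack(">HH", 28, map_len) + tlist + rlists
    return header + bytes(240) + data + rmap

if __name__ == "__main__":
    code = [(b"CODE", 0, b"\x00"), (b"CODE", 1, b"\x00")]
    print(suspicious(build_fork(code)), suspicious(build_fork(code + [(b"nVIR", 0, b"\x00")])))
```

A hit only says that a resource of that type exists in the file, which is the same thing the ResEdit check in the post shows.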