Path: utzoo!attcan!uunet!lll-winken!ncis!helios.ee.lbl.gov!nosc!ucsd!ucbvax!decwrl!purdue!mailrus!cwjcc!gatech!bbn!bbn.com!levin
From: levin@bbn.com (Joel B Levin)
Newsgroups: comp.sys.mac.programmer
Subject: Re: INIT 29: a brief description
Message-ID: <34817@bbn.COM>
Date: 19 Jan 89 19:57:52 GMT
References: <34734@bbn.COM> <876@mailrus.cc.umich.edu>
Sender: news@bbn.COM
Reply-To: levin@BBN.COM (Joel B Levin)
Organization: BBN Communications Corporation
Lines: 22

In article <876@mailrus.cc.umich.edu> shane@chablis.cc.umich.edu (Shane Looker) writes:
  [quotes my description of INIT 29]
|I have a question and potential warning about this.  If INIT29 does indeed 
|patch OpenResFile, the VirusDetective (and others) will cause this to spread
|like wildfire.  They use OpenResFile to look at each file.  Be very careful
|if you think you have this.  I don't have any suggested workaround, but though
|I should bring this up.

You should always do your virus checking and repairs after booting up
from a known clean system floppy which is kept write protected.  If
the INIT does not execute at boot up time, OpenResFile does not get
patched and VirusDetective et al will not spread it.  Note however
that running an infected application in this state will attempt an
infection of the current System file; if this were to succeed the next
reboot from that system would result in a patched trap.

An open write protect tab will prevent infection of a floppy disk.

	/JBL
--
UUCP:     {backbone}!bbn!levin		POTS: (617) 873-3463
INTERNET: levin@bbn.com