Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!uunet!brunix!iris.brown.edu!mjv From: mjv@iris.brown.edu (Marshall Vale) Newsgroups: comp.sys.atari.st Subject: Re: VIRUS PREVENTION AND HELP FOR SPECTRE OWNERS Message-ID: <22910@brunix.UUCP> Date: 14 Dec 89 16:09:15 GMT References: <891213.09444156.032840@SFA.CP6> Sender: news@brunix.UUCP Organization: IRIS Lines: 53 In article <891213.09444156.032840@SFA.CP6> Z4648252@SFAUSTIN.BITNET (Z4648252) writes: > Start the New Year out right, protect your Spectre software from > virus infection. Yep, just like a real Mac, your ST can become infected > with real Mac virus critters. As a side note, the ST has unique ability > to become infected with ST, IBM, and Mac virus varmits, all due to the > wonders of emulation. There is a new virus out infecting Macs these days called the WDEF virus. Some of its effects are crashing after choosing Save from some programs (such as Word...), crashing MacIIci's and Portables (will it crash a Spectred ST? I don't know), and slowing down AppleShare servers. The WDEF virus hides itself in the invisible DESKTOP file that is on every Mac disk. As soon as you put in an infected disk into your system, your DESKTOP file will be infected. It spreads very fast. You should check every disk you have (that includes HD partitions), since it can have horrible results but is easy to get rid of. If you are uneasy about using ResEdit (you can do horrible things to your system with it) then do try one of the other suggested cures. Here are 3 ways of finding it and killing it. Virus Detective 3.1: Add the following line to the list of checks: Creator=ERIK & Resource WDEF & Any Select the single file search and choose the DESKTOP file from the root level of your disk. If it does match then select remove. Under multifinder, I recieved an error but it did erase the fake virus. If you want to be safe, be in single finder mode and check for the virus while running any application, since you won't have the Desktop file open when you make changes. ResEdit: Launch the program and open the DESKTOP file. Scroll down the resource to see if there is one called WDEF. Open the WDEF resource. If it comes up with an ID=0 (that's zero) then you have the real virus. To kill the virus, just select the WDEF resource and select CLEAR from the edit menu. Save the changes. "I Don't Have Those Programs": You can get rid of the virus by rebuilding the Desktop. When you insert a disk (or mount a HD partition) if you hold down the Alt-Cntrl keys (Option-Command on the Mac) you will get a dialog box asking if you want to rebuild the desktop. Click on OK. The disk will be busy for awhile. If you had a virus on the disk, it won't tell you, butthe WDEF will be killed. Do take note that rebuilding the desktop gets rid of all the text that is in the Get Info boxes. We have just found the virus in the public Mac clusters here at Brown U., so this virus is for real. -- mjv@iris.brown.edu "And, oh! Father Christmas, if you love me at all, Bring me a big, red india-rubber ball." A.A. Milne "Now We are Six"