Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cs.utexas.edu!usc!snorkelwacker!spdcc!merk!xylogics!cloud9!jjmhome!m2c!wpi!reynhout
From: reynhout@wpi.wpi.edu (D Andrew Reynhout)
Newsgroups: comp.sys.mac
Subject: Informational Solicitation (possible virus)
Message-ID: <6384@wpi.wpi.edu>
Date: 21 Dec 89 08:11:21 GMT
References: <6383@wpi.wpi.edu>
Reply-To: reynhout@wpi.wpi.edu (Cthulhu)
Distribution: usa
Organization: Worcester Polytechnic Institute, Worcester, MA
Lines: 50

(REPOST- my first elicited one reply by private mail, telling me that I (a friend, actually) may have stumbled upon an undocumented virus)

A friend of mine at Boston University recently discovered his System and Finder trashed, and his HD renamed to "Virus by Virax" or similar. (He was explaining it over the phone, and I didn't get the spelling.) He uses VirusDetective, which tells him that his HD is clean, but there is undeniably SOMETHING wrong somewhere. He reinstalled his system software from a backup, and all of the other files seemed intact. Everything ran smoothly...for a day or so. Then the same thing happened. He's currently using his HD as a datadisk, and booting from a floppy, but this is irritating and he wonders if someone might be able to point him in the direction of having his HD restored to its previous working order.

Upon inquiry, he stated that his roommate is computer-illiterate and would not know the first thing about screwing his system over...had to ask.

I know everyone's busy with WDEF...but an acknowledgement of existence would make me a happy person. He was more than slightly upset by this development, having final papers and such due before break... Which have now been taken care of, but he would like at least a warning not to use the HD. I would get copies of the System/Finder in question, but it's not convenient, and I don't want to find out that this is a well-documented and easily removed virus that I, as a member of the MacCommunity, should know about.

I did send him Disinfectant, that being the best virus removal program I have seen. He used it, but the problems recur. SO- let me know...

BTW- Don't beat on me for this. I'm a virus-neophyte. My only experience has been with nVIR and WDEF, both of which were nice and cleanly removed by Disinfectant. I've been using Vaccine since my brush with nVIR. WDEF appeared on some school-owned Mac IIs.

Also BTW- No one ever talks about what the virii were written to DO...if they were not malicious, merely buggy, then what WERE they?? And what's to prevent a clean virus from keeping itself hidden until it does what it was written to do? Of course, the various virus-protection programs will stop any virus that propagates itself with documented and standard routines...my understanding is that WDEF bypassed the protection at the expense of compatibility, which is the only reason it was discovered in the first place.

Andrew

--
Andrew Reynhout (Internet: reynhout@wpi.wpi.edu)
"Maybe if we pretend this never happened, they'll all just...go away." - Laurie Anderson