Xref: utzoo comp.sys.mac:23588 comp.sys.mac.programmer:3386
Path: utzoo!utgpu!watmath!clyde!att!pacbell!ames!lll-lcc!unisoft!mtxinu!taniwha!michael
From: michael@taniwha.UUCP (Michael Hamel)
Newsgroups: comp.sys.mac,comp.sys.mac.programmer
Subject: Re: nVIR virus found in "Kill Virus"
Message-ID: <226@taniwha.UUCP>
Date: 3 Dec 88 17:34:26 GMT
References:  <223@sunset.MATH.UCLA.EDU> <579@uva.UUCP>
Reply-To: michael@taniwha.UUCP (Michael Hamel)
Organization: Taniwha Systems Design, Oakland
Lines: 25

In article <579@uva.UUCP> borton@uva.UUCP (Chris Borton) writes:
>nVIR has a built-in inhibitor, probably so that the originator wouldn't
>infect his whole system as well.  The virus checks for the existence of the
>resource 'nVIR 10' in the System file, and if it's there then it doesn't infect
>anything.

Actually it checks for INIT 32 as well, and my own anti-nVIR program, AntiPan,
installs this into systems to immunise them instead of nVIR 10 because of the
likely confusion.

AntiPan exterminates nVIR from the system files and all applications
on whatever volume you point it at. It also requires you to
reboot if nVIR is resident in the system heap. Someone (I'm afraid I
don't recall who) posted a remark recently saying that AntiPan sometimes
failed. I tried to mail him, but I assume my mail got lost as I have had no
reply. I would be most interested in any known cases of failure, as I know
of none and will fix any bugs when I get back to the sources in New Zealand
next week...


-- 
"In challenging a kzin, a simple scream of rage is sufficient.
 You scream and you leap."

Michael Hamel              ..!{unisoft|mtxinu}!taniwha!michael