Xref: utzoo comp.sys.mac:23588 comp.sys.mac.programmer:3386 Path: utzoo!utgpu!watmath!clyde!att!pacbell!ames!lll-lcc!unisoft!mtxinu!taniwha!michael From: michael@taniwha.UUCP (Michael Hamel) Newsgroups: comp.sys.mac,comp.sys.mac.programmer Subject: Re: nVIR virus found in "Kill Virus" Message-ID: <226@taniwha.UUCP> Date: 3 Dec 88 17:34:26 GMT References:<223@sunset.MATH.UCLA.EDU> <579@uva.UUCP> Reply-To: michael@taniwha.UUCP (Michael Hamel) Organization: Taniwha Systems Design, Oakland Lines: 25 In article <579@uva.UUCP> borton@uva.UUCP (Chris Borton) writes: >nVIR has a built-in inhibitor, probably so that the originator wouldn't >infect his whole system as well. The virus checks for the existence of the >resource 'nVIR 10' in the System file, and if it's there then it doesn't infect >anything. Actually it checks for INIT 32 as well, and my own anti-nVIR program, AntiPan, installs this into systems to immunise them instead of nVIR 10 because of the likely confusion. AntiPan exterminates nVIR from the system files and all applications on whatever volume you point it at. It also requires you to reboot if nVIR is resident in the system heap. Someone (I'm afraid I don't recall who) posted a remark recently saying that AntiPan sometimes failed. I tried to mail him, but I assume my mail got lost as I have had no reply. I would be most interested in any known cases of failure, as I know of none and will fix any bugs when I get back to the sources in New Zealand next week... -- "In challenging a kzin, a simple scream of rage is sufficient. You scream and you leap." Michael Hamel ..!{unisoft|mtxinu}!taniwha!michael