Xref: utzoo comp.sys.mac:23534 comp.sys.mac.programmer:3360
Path: utzoo!utgpu!watmath!clyde!att!rutgers!gatech!bloom-beacon!bu-cs!dartvax!eleazar.dartmouth.edu!isle
From: isle@eleazar.dartmouth.edu (Ken Hancock)
Newsgroups: comp.sys.mac,comp.sys.mac.programmer
Subject: Re: nVIR virus found in "Kill Virus"
Message-ID: <11306@dartvax.Dartmouth.EDU>
Date: 2 Dec 88 18:00:09 GMT
References:  <223@sunset.MATH.UCLA.EDU> <579@uva.UUCP>
Sender: news@dartvax.Dartmouth.EDU
Reply-To: isle@eleazar.dartmouth.edu (Ken Hancock)
Organization: Personal Computing Center, Dartmouth College
Lines: 38

In article <579@uva.UUCP> borton@uva.UUCP (Chris Borton) writes:
>In article <223@sunset.MATH.UCLA.EDU> hgw@math.ucla.edu (Harold Wong) writes:
>>In article  ll12+@andrew.cmu.edu (Laura Ann Lemay) writes:
>nVIR has a built-in inhibitor, probably so that the originator wouldn't
>infect his whole system as well.  The virus checks for the existence of the
>resource 'nVIR 10' in the System file, and if it's there then it doesn't infect
>anything.
>
>The KillVirus INIT from Matthias Urlichs is an INIT that installs this
>prohibitor resource into the System file.  [Programmer note: given the confusion
>this now causes, it might have been more appropriate to build that resource on 
>the fly].  Hence, with the KillVirus INIT your system will be immune to
>attacks of nVIR and further spreading of nVIR.
>
>To my knowledge, KillVirus does NOT do anything to applications at all.  Hence, 
>if you have an infected application, it will be benign on your KillVirus-
>protected system, but if you give it to your friend who is not protected, then 
>he will become infected.

According to the documentation, KillVirus DOES remove nVIR from any
infected application any time an infected application is launched.

As far as creating the nVIR on the fly, that won't solve any problems.
Everyone will still see that the system is infected with nVIR.

Seeing that so many people are so hyped up about viruses, it would
seem that instead of just throwing all these things in the system
folder and then jumping up and down yelling "It's infected", they'd
take the time to first find out what does what and stop all this
blown out of proportion panicking.

Ken


Ken Hancock  '90                   | BITNET/UUCP/
Personal Computing Ctr Consultant  |   INTERNET:  isle@eleazar.dartmouth.edu
-----------------------------------+----------------------------------------
DISCLAIMER?  I don't get paid enough to worry about disclaimers.
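
The check discussed in this thread, whether a System file carries the 'nVIR' ID 10 resource that KillVirus installs, written out as an added example; it is not part of either post and not code from KillVirus or any anti-virus tool. It assumes the resource fork has already been extracted to a byte string and follows the documented classic Mac OS resource fork layout; `list_resources`, `has_inhibitor` and `build_fork` are hypothetical names, and the sample fork is constructed.

```python
import struct

def list_resources(fork: bytes) -> set:
    """Return {(type, id)} for every resource in a classic Mac OS resource fork."""
    if len(fork) < 16:
        raise ValueError("too short for a resource fork header")
    _data_off, map_off, _data_len, map_len = struct.unpack_from(">IIII", fork, 0)
    if map_len < 30 or map_off + map_len > len(fork):
        raise ValueError("resource map lies outside the data supplied")
    # Map layout: 16-byte header copy, 4-byte handle, 2-byte file ref,
    # 2-byte attributes, then the offset (from map start) of the type list.
    (type_list_off,) = struct.unpack_from(">H", fork, map_off + 24)
    tl = map_off + type_list_off
    (ntypes_m1,) = struct.unpack_from(">H", fork, tl)
    found = set()
    for i in range((ntypes_m1 + 1) & 0xFFFF):  # 0xFFFF means "no types"
        rtype, nres_m1, ref_off = struct.unpack_from(">4sHH", fork, tl + 2 + 8 * i)
        for j in range(nres_m1 + 1):
            # Each 12-byte reference entry starts with the signed resource ID.
            (rid,) = struct.unpack_from(">h", fork, tl + ref_off + 12 * j)
            found.add((rtype.decode("mac_roman"), rid))
    return found

def has_inhibitor(fork: bytes) -> bool:
    """True if the 'nVIR' ID 10 resource described in the thread is present."""
    return ("nVIR", 10) in list_resources(fork)

def build_fork(resources: dict) -> bytes:
    """Build a minimal resource fork from {(type, id): data} (constructed input)."""
    data, types = b"", {}
    for (rtype, rid), body in resources.items():
        types.setdefault(rtype, []).append((rid, len(data)))
        data += struct.pack(">I", len(body)) + body
    type_list = struct.pack(">H", (len(types) - 1) & 0xFFFF)
    refs, first_ref = b"", 2 + 8 * len(types)
    for rtype, items in types.items():
        type_list += struct.pack(">4sHH", rtype.encode("mac_roman"),
                                 len(items) - 1, first_ref + len(refs))
        for rid, off in items:
            # id, no name (0xFFFF), attrs + 24-bit data offset, handle
            refs += struct.pack(">hHII", rid, 0xFFFF, off, 0)
    map_len = 28 + len(type_list) + len(refs)
    header = struct.pack(">IIII", 256, 256 + len(data), len(data), map_len)
    map_head = header + bytes(8) + struct.pack(">HH", 28, map_len)
    return header + bytes(240) + data + map_head + type_list + refs

if __name__ == "__main__":
    system_fork = build_fork({("nVIR", 10): b"", ("INIT", 32): b"\x4e\x75"})
    print(sorted(list_resources(system_fork)), has_inhibitor(system_fork))
```

Reporting the resource ID along with the type is what lets a reader tell the ID 10 marker apart from any other 'nVIR' resource a scanner turns up.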