Abstracts of files as of Wed Aug 1 03:37:25 PDT 1990
Directory: info-mac/virus

#### TEXT 00what-to-use.txt ****

Here are our current recommendations for virus-related tools. Such tools can be divided into three classes: those that prevent infections, those that warn you when an infection is present, and those that remove infection.

1. Prevention

The big ones in this category are Vaccine and Gatekeeper. Vaccine is older and less powerful, but less intimidating. If you are not very technically inclined, Vaccine might be easier. But if you want the most protection, Gatekeeper does an exceptional job. If you are a programmer, be sure to use Gatekeeper. These tools are especially powerful because they provide a limited amount of protection against future viruses, unlike the tools in the other categories. The combination of Gatekeeper and the startup document GateKeeper Aid is more effective against recent viruses than Vaccine or GateKeeper alone.

2. Detection

#### BINHEX antipan-15.hqx ****

Date: Fri, 15 Jun 90 16:07 GMT + 1300
From: "Michael Hamel, OUCSC"
Subject: here comes new public release of Antipan (version 1.5)

Here is new, improved Antipan 1.5 which washes even whiter...

I would, as always, greatly appreciate any bug reports. Antipan doesn't try to do everything but it would be nice if it was at least competent within its field.

Michael Hamel, OUCSC

#### BINHEX disinfectant-20.hqx ****

Date: Sun, 8 Jul 90 19:33:59 PDT
From: jln@acns.nwu.edu
Subject: Disinfectant 2.0

Disinfectant 2.0
================

July 8, 1990

Disinfectant 2.0 is a major new release of our free Macintosh anti-viral utility.

The main goal of version 2.0 is to provide a complete and free solution to the Macintosh virus problem in a single package (in fact, in a single file). Version 2.0 addresses all four aspects of the virus problem: detection, repair, protection, and education.

Version 2.0 includes a new virus protection startup document (INIT).
The INIT is designed for use by novices and others who find existing protection INITs to be too complicated and obtrusive.

Version 2.0 has a much-improved online manual, with pictures, printing, a context-sensitive help system, and many new sections of information.

Version 2.0 is a non-modal application with standard windows and menus. It supports desk accessories, printing, MultiFinder application switching, and scanning in the background.

There is a new Preferences window which can be used to specify miscellaneous options and parameters.

Other new features include more scan and disinfect options, new counters in the main window, and a much-improved scanning station feature.

Version 2.0 also recognizes the Frankie virus. Frankie only affects some kinds of Macintosh emulators running on Atari computers.

Disinfectant 2.0 is available now via anonymous FTP from site acns.nwu.edu [129.105.49.1]. It will also be available soon on sumex-aim.stanford.edu, rascal.ics.utexas.edu, comp.binaries.mac, CompuServe, GEnie, Delphi, BIX, MacNet, America Online, Calvacom, AppleLink, and other popular sources of free and shareware software.

Macintosh users who do not have access to electronic sources of free and shareware software may obtain a copy of Disinfectant by sending a self-addressed stamped envelope and an 800K floppy disk to the author at the address below. People outside the US should send an international postal reply coupon instead of US stamps (available from any post office). Please use sturdy envelopes, preferably cardboard disk mailers.

John Norstad
Academic Computing and Network Services
Northwestern University
2129 Sheridan Road
Evanston, IL 60208

Bitnet: jln@nuacc
Internet: jln@acns.nwu.edu
CompuServe: 76666,573
AppleLink: A0173

attached file "Disinfectant.sit.hqx" :

#### BINHEX eradicatem.hqx ****

Date: Wed, 20 Dec 89 17:22:08 PST
From: dplatt@coherent.com
Subject: Eradicat'Em INIT, version 1.0

This is version 1.0 of Eradicat'Em, an INIT designed to find and eliminate the WDEF virus. When installed in your system, it will automatically scan the Desktop files on your disks, and will safely remove the virus before it can infect your machine.

Eradicat'Em is an alternative to the Gatekeeper Aid INIT. It is somewhat smaller and somewhat more selective than Gatekeeper Aid, and is slightly less intrusive when it finds the WDEF virus (it beeps, rather than putting up a Notification Manager dialog box).

Eradicat'Em is based in part on the Eradicat'Em INIT written and distributed a couple of weeks ago by Guy Fiems, Riccardo Ettore, and Luc Wets. I've reworked the detector/sanitizer code in order to eliminate the compatibility problems in the initial releases of Eradicator!.

Eradicat'Em 1.0 runs on the Mac Plus, SE, SE/030, Mac II, IIx, and IIcx. I believe that it should work correctly on the 512ke, IIci, and Portable, but I've not had the opportunity to test it on those machines. It is not compatible with the "classic" Mac 128 and the unenhanced 512k "Fat Mac", and will not install itself on those machines.

In the tests I've run, Eradicat'Em has been completely effective in preventing the WDEF virus from gaining a foothold. It will remove the WDEF infection from your boot-disk, if present, and from any other disk you insert or mount. If Eradicat'Em is unable to remove the WDEF virus (from a locked disk, for example) it will deny access to the Desktop file, and thus prevent the Finder from inadvertently invoking the virus.

Eradicat'Em is free... feel free to use it and pass it around.
More information on Eradicat'Em is included in a TeachText file in the following StuffIt archive.

Dave Platt
VOICE: (415) 493-8805
UUCP: ...!{ames,apple,uunet}!coherent!dplatt
DOMAIN: dplatt@coherent.com
INTERNET: coherent!dplatt@ames.arpa, ...@uunet.uu.net
USNAIL: Coherent Thought Inc. 3350 West Bayshore #205 Palo Alto CA 94303

#### BINHEX gatekeeper-111.hqx ****

#### BINHEX gatekeeper-aid-101.hqx ****

Date: Thu, 21 Dec 89 22:25:59 -0600
From: chrisj@emx.UTEXAS.EDU (Chris Johnson)
Subject: Gatekeeper Aid 1.0.1

Gatekeeper Aid 1.0.1
(c) 1989 by Chris Johnson

Well, folks, 1.0 has been one of "those kind" of releases. Version 1.0 of Gatekeeper Aid went through its testing process with flying colors, but as soon as it found its way into the real world things started breaking. Many of the problems were simply confusing features (the Implied Loader messages), while others were actual bugs and caused real trouble (the eject bug under MultiFinder, and applications that suddenly failed to launch).

Although most users seem to have been able to use 1.0 without incident, many did experience the aforementioned problems. It's been real "interesting" at this end, I assure you. :-(

In any case, I think we can leave the bulk of these problems behind us. Gatekeeper 1.0.1 is now ready for release.

It eliminates a problem caused by inaccurate and/or incomplete documentation of the OpenResFile() routine in Inside Mac.

It eliminates the requests for reinsertion of diskettes under MultiFinder. This alone eliminates a big problem encountered by DiskFit users. (I don't think this particular bug was in Gatekeeper Aid, but it's a long story.)

It eliminates the possibility of "normal" Desktop resources being flagged as "Implied Loader" viruses.

It does some other good stuff too, and just generally improves the reliability significantly. A few more details are available in the enclosed "Gatekeeper Aid Docs." file.

Happy virus hunting!

Cheers,
----Chris
----chrisj@emx.utexas.edu

#### BINHEX repair-15.hqx ****

From: brecher@well.UUCP (Steve Brecher)
Date: 20 Mar 89 01:00:52 GMT
Organization: Software Supply, Sunnyvale, CA

[Repair 1.5]

Repair's nVIR recognition is now independent of the infecting agent CODE resource ID and the System file INIT resource ID. (This generalization is not in response to a known variant; it is just a precaution.)

For some varieties of nVIR, previous versions of Repair would fail to recognize infection in a System file even though it recognized infection in applications. Version 1.5 extends Repair's recognition generality to System files.

brecher@well.UUCP (Steve Brecher)

#### BINHEX rival-mdef-updater.hqx ****

Date: Fri, 1 Jun 90 13:49:48 PDT
From: bmug@garnet.berkeley.edu (BMUG)
Subject: [*] Rival updater for MDEF

This is a vaccine for the Garfield/MDEF virus for updating the Rival antiviral program distributed commercially by Microseeds. Documentation is included in the Stuffed archive. Although Rival is commercial, the vaccine files may be distributed freely, according to Microseeds.

#### BINHEX rival-trojan-updater.hqx ****

Date: Wed, 13 Jun 90 10:31:19 PDT
From: bmug@garnet.berkeley.edu (BMUG)

This is a vaccine for various Trojan horses to be used with Rival, the antiviral detection/eradication CDEV. This vaccine may be freely distributed; Rival itself is a commercial product.

John Heckendorn
BMUG, Inc.

#### BINHEX rwatcher.hqx ****

Date: Mon, 14 Nov 88 12:01 CST
From: John Norstad
Subject: Resource Watching INIT

RWatcher is a configurable resource-watching INIT that provides partial virus protection for Macintosh programmers. It was written for those non-MPW programmers who would like some virus protection, especially against Scores and nVIR, but are not willing to use Vaccine because of Vaccine's constant complaints about creating CODE resources.

I distribute RWatcher as a Stuffit archive containing the following six files:

   Rwatcher        The INIT
   User Doc        A MacWrite user document
   Notes           A MacWrite document describing my testing
   RLIS Template   A ResEdit template used to configure RWatcher
   RWatcher.a      MPW assembler source code
   ShowInit.a      MPW assembler source code

RWatcher is copyrighted, but free.

John Norstad
Academic Computing and Network Services
Northwestern University
Bitnet: jln@nuacc
Internet: jln@nuacc.acns.nwu.edu

#### BINHEX vaccine-101.hqx ****

10-Jan-89 18:15:07-GMT,12157;000000000001
Return-Path:
Received: from ames.arc.nasa.gov by sumex-aim.stanford.edu (4.0/inc-1.0)
        id AA01732; Tue, 10 Jan 89 10:15:07 PST
Received: Tue, 10 Jan 89 10:07:01 PST by ames.arc.nasa.gov (5.59/1.2)
Received: from improper.coherent.com by coherent.com (3.2/SMI-3.2)
        id AA02590; Tue, 10 Jan 89 10:10:45 PST
Received: by improper.coherent.com (3.2/SMI-3.2)
        id AA02594; Tue, 10 Jan 89 10:10:44 PST
Date: Tue, 10 Jan 89 10:10:44 PST
From: dplatt@coherent.com (Dave Platt)
Message-Id: <8901101810.AA02594@improper.coherent.com>
To: Info-Mac@sumex-aim.stanford.edu, felix!macintosh@ames.arc.nasa.gov
Subject: Vaccine INIT/CDEV, v 1.0.1

This is version 1.0.1 of the classic "Vaccine" virus-blocker, from CE Software. Version 1.0.1 is a bug-fix update to version 1.0; to the best of my knowledge and belief it has no new features.

#### BINHEX virus-detective-402a.hqx ****

Date: Sun, 20 May 90 09:27:31 CDT
From: shulman@sdrvx2.sinet.slb.com (Jeffrey Shulman)
Subject: VirusDetective 4.0.2a

VirusDetective is a DA for tracking down viruses (or any resources) in files. You specify the resource type and various attributes. Once the offending resource is found it can optionally be removed from the file (use this feature with caution) or file deleted. The user can update the search list at any time. Shareware.

Version 4.0.2a adds search string for the Garfield MDEF virus.
You only need the search string list (posted separately) if you already have version 4.0.2.

Jeff Shulman
Shulman@SDR.SLB.COM (until July 1, 1990)

#### BINHEX virus-encyclopedia.hqx ****

Date: Fri, 13 Apr 90 09:46:52 PDT
From: jln@acns.nwu.edu
Subject: Virus Encyclopedia

Henry Schmit has released a new version of his Virus Encyclopedia stack. It discusses the new ZUC virus. I'm forwarding a copy to info-mac on his behalf.

John Norstad
Northwestern University
jln@acns.nwu.edu

attached file "Virus Encyclopedia.sit.hqx" :

#### TEXT virus-resources.txt ****

From JLN@nuacc.acns.nwu.edu Tue Nov 15 15:25:33 1988
Flags: 000000000011
Received: from accuvax.nwu.edu (northwestern.arpa) by rascal.ics.utexas.edu (3.2/4.22)
        id AA21977; Tue, 15 Nov 88 15:25:29 CST
Received: from nuacc.acns.nwu.edu by accuvax.nwu.edu id aa20017; 15 Nov 88 15:20 CST
Date: Tue, 15 Nov 88 15:22 CST
From: John Norstad
Subject: Viral Resources
To: info-mac@sumex-aim.stanford.edu, werner@rascal.ics.UTEXAS.EDU
X-Vms-To: IN%"info-mac@sumex-aim.stanford.edu",IN%"werner@rascal.ics.utexas.edu",JLN
Message-Id: <8811151520.aa20017@accuvax.nwu.edu>
Status: RO

Someone asked for a list of known Mac viruses and their resource identifications, so that users of Virus Detective could update the list of suspicious resources, and so that users of ResEdit would know what to look for.

#### BINHEX virus-rx-16.hqx ****

Date: Thu, 1 Feb 90 19:31 EST
From:
Subject: Virus RX 1.6

This is Apple's Virus RX version 1.6

If it is already in the archives then scrap this file.

The package includes a teach text file with instructions and info.

*****************************************************************
* Joe Kazura                   Apple Computer - Student Rep     *
* The U.T.C.                   14A Thompson Hall - UNH          *
* Durham, NH 03824-3547        (603) 862-1328                   *
* BITNET: JK_APPLEREP@UNHH     Applelink: ST0566                *
*****************************************************************
* Disclaimer - The Views Expressed Are MINE!! Not even Apple's  *
*****************************************************************