Path: network.ucsd.edu!ihnp4.ucsd.edu!mvb.saic.com!buckie.ucha!tali.hsc.colorado.edu!csn!ncar!gatech!swrinde!cs.utexas.edu!not-for-mail Newsgroups: comp.sys.mac.announce Subject: SAM announcement for INIT-9403 Message-ID: From: werner@cs.utexas.edu (Werner Uhrig) Date: 4 Mar 1994 15:36:36 -0600 Sender: daemon@cs.utexas.edu Followup-To: comp.sys.mac.misc Organization: UTexas Mail-to-News Gateway Approved: werner@rascal.ics.utexas.edu (Comp.sys.mac.announce Moderator) NNTP-Posting-Host: cs.utexas.edu Lines: 109 [ NOTE: the following announcement was released by Symantec and is being reproduced here with permission. ] As part of Symantec's commitment to virus protection, it is our responsibility to inform you that a new Macintosh virus has been recently discovered. This new virus is called INIT-9403, and is only capable of infecting and spreading on machines running Italian versions of the operating system. NOTE: INIT-9403 is not capable of infecting your Macintosh if it is using an English version of the Macintosh operating system. INIT-9403 is a malicious virus, and it is capable of infecting the Finder and selected applications. When an infected application is run, an invisible file is created. This file contains viral code which infects the Finder when the computer is next started up. The infected Finder is then capable of infecting other applications. When triggered, INIT-9403 attempts to destroy the startup hard disk by writing data over it. INIT-9403 also attempts to overwrite the disk information on each connected hard drive larger than 16 megabytes. If the virus is triggered and runs unchecked, the startup disk will be essentially unrecoverable. Non-startup disks may be recoverable by some utility programs. SAM Virus Clinic can repair files infected by INIT-9403; however, if possible, replace rather than repair System files and applications infected by INIT-9403. UPDATE REPAIR INSTRUCTIONS Owners of SAM Version 3.5 and SAM Version 3.0 can instantly update the repair capabilities of SAM to recognize the INIT-9403 virus by downloading the updated SAM Virus Definition File available on the Symantec Bulletin board (503) 484-6699 (2400 baud) or (503) 484-6669 (9600 baud). The definition is also available on CompuServe, America Online or Applelink. Once you have downloaded the virus definitions file, you should copy it into your System folder, replacing the current SAM Virus Definition File with the file just downloaded. SAM Intercept and SAM Virus Clinic will then be able to repair infected files that were not permanently damaged by the virus. If you don't own a modem and cannot download the virus definitions file, you can receive a disk with repair capabilities for $12.00 (plus sales tax where applicable). To order, please call Customer Service at (800) 441-7234 in the US and Canada. To Update SAM manually for detection of INIT-9403, complete the following steps: (Note: this is not necessary if you have installed the new virus definition file) FOR SAM 3.5: Step 1: Open SAM Virus Clinic. From the Options menu in version 3. of SAM Virus Clinic select "Virus Definitions". Select "Add Resource" Now enter the following information: (NOTE: 0 = zero) Name: INIT-9403 Search String (Hex): A003 206E FFF8 2D50 FFF8 4AAE FFF8 66A4 Offset: Greater or Equal to 256 From: START Resource Type: Sys6 Resource ID: Equal to 2 Size: Greater or Equal to 940 Verification: EB96 (Check: 94F9) After you've entered the above information correctly, you will be able to click "DONE" and the virus definition will be added. If you encounter difficulty and require assistance, you may contact Symantec Technical Support at (503) 465-8440. [ NOTE: the virus definition and help file will shortly become available for FTP on RASCAL.ICS.UTEXAS.EDU [128.83.138.20] in directory /mac/virus/SAM as files: SAM_Virus_Help.bin SAM_Virus_Definitions_940303.bin (the definitions file arrived incomplete, so I am waiting for a second copy) the files should become available at the other popular sites within a short time. ---Werner ] +----------------------+ | werner@cs.utexas.edu | +----------------------+ Frank Zappa !!! R.I.P. .