VIRUS-L Digest Thursday, 6 Apr 1989 Volume 2 : Issue 81 Today's Topics: Hard Disks and Viruses Virus Detective (Mac) Something to ponder... --------------------------------------------------------------------------- Date: Sat, 01 Apr 89 09:34:15 EDT From: Swifty Le-Bard Subject: Hard Disks and Viruses Greetings to all! To all the people who have contributed answers to an unfortunate common problem, thanks, I needed that! But anyway, I am planning on purchasing a HD (71mb) and would like some suggestions as to how I can spot a virus (or potential one), and if dreadfully, I do encounter one, what can I do short of erasing all the data. The viruses I speak of are the kind that wind up on the boot sector, and those that work on COM and EXE files. Do the viruses stay resident on one area of the Hard Disk, or do they move around? (copy itself to other partitions, and/or subdirectories). Thanks for any info/answers! )--==*>PHOENIX<*==--( ------------------------------ Date: Wed, 05 Apr 89 15:55:25 EST From: dmg@mwunix.mitre.org Subject: Virus Detective (Mac) > Is anybody familiar with the Mac desk accessory VirusDetective? >How reliable is it? Does it merely identify infected files or will it >also remove viruses from files? Under the expectation that by "reliable" you mean "successfully detect a virus", Virus Detective is very reliable for detecting MacMag/Peace, nVIR/Hpat (and I suspect the AIDS variant of nVIR), Scores, Init 29, and ANTI. In order to detect the latter two viruses, you will need version 2.1.1. For eradication, you will either have to do this manually, or obtain another product (a recent one that holds alot of promise is Disinfectent. Refer to the March 30 Virus-L digest for the details on it). Virus Detective 2.1.1 and Disenfectant 1.0 are both archived by the InfoMAC people. I suggest you ask there for details on how to transfer these utilities to your local machine. Disclaimer: Dis is soup. Dis is Art. Soup. Art. David M. Gursky Member of the Technical Staff, W-143 Special Projects Department The MITRE Corporation ------------------------------ Date: Wed, 05 Apr 89 18:18:30 EST From: dmg@mwunix.mitre.org Subject: Something to ponder... I've been doing some research on viruses here at the office and I thought struck me, perhaps someone on InfoMAC or Virus-L can contribute something to this: The Brain virus that afflicts MS-DOS systems has the capability to infect the bootstrap code on a floppy disk. This makes it a particularly nasty virus because a "warm restart" will not cause the virus to go away; it will still be in the bootstrap code that is kept in RAM. My question is this: Why can't the bootstrap code on tracks 0 and 1 of a Mac disk be infected? Would Vaccine prevent such an infection? My suspected answers are (1) it can be done and (2) no, Vaccine would be totally ineffective against it. If my suspicions are indeed correct, how likely is it that Don Brown could be persuaded to update Vaccine to prevent this? David M. Gursky Member of the Technical Staff, W-143 Special Projects Department The MITRE Corporation ------------------------------ End of VIRUS-L Digest ********************* Downloaded From P-80 International Information Systems 304-744-2253