I just had my first brush with a virus.  Nothing bad happened, but it
was a little scary.  Somehow, the floppy I use to transfer files  between
here and our home office got infected with the Michaelangelo virus.
PC Tools dutifully caught it and disinfected it.  I'd be interested to
hear how you folks deal with viruses.

31 responses total.

I had one once on a floppy given me by a colleague at the U. Disinfectant
caught it, and that's all.

My company *requires* McAffee's Shield be installed on all company owned
PCs.  I've never had a virus, under any circumstances.  

For Macs, it's so simple to stay virus free. Just Run Disinfectant
and either install its init or install Gatekeeper. I like Gatekeeper
instead of the Disinfectant init, but that's a matter of preference.
All of this code is free, and maintained by anti-viral gurus John
Norstad at Northwestern, and Chris Johnson at U. Texas.

Virus activity on Macs has flared up from time to time, but recently
there has been very little going on. Antivirals are *very* effective.

I am very concerned about virii on macs because I sell mac software.
Someone else will have to fill us in on other platforms.

Viruses are quite rare. I've seen only a few instances. We have over
1.0 Gigabyte of files on the BBS and I have yet to see a virus on there.
I don't worry about viruses at all. I use to run McAfee on my computer, but
I don't bother anymore (I couldn't stand that 2 second wait at bootup <g>)

Our PC lab at work has lately been infested with a virus.  I haven't
caught it yet (I use write-protected disks), but others haven't been
so lucky.  The recommendation is to run McAfee's Scan when entering the
network (takes about 5 minutes...bleah), and to use it to check your
disks.  Unfortunately, the people in charge of the network didn't think
to provide us with a Scan that will test floppies...we have to provide that.
  We're not sure where the virus is coming from, probably one or two
people with infected disks keep re-infecting the computers.  
  As far as Mac virii go, the Macs where I work are the absolute pits
...they are constantly infecting disks (and the Disinfectant catches the
problem).  If I worry about viruses, it's almost always when I use the
Macs.
  I've never had a virus on my home computer (at least Scan has never
found one).  I run Scan once a week with a cron-type program.  Does that
seem often enough?

  I caught Yankee Doodle once... I think it was from the school network,
a couple of years ago...  haven't had any problems since, though, although
I scan my system every once in a while, particularly after I'm having
trouble getting something funny to work (like Windows :) )...

It has been almost 6 months since the last Mac virus was detected.  Not
bad...

I have seen Michaelangelo, Stoned, and Datalock. I haven't even seen other
viruses before.

It looks like I indeed picked up the virus from the machines at our
home office.  The computer that I use there was infected.  Normally,
they run a virus checker on all the computers there.  The virus
checker gets run every time someone logs into the network.  This
computer was different from all the others, though, in that it was not
connected to the network.

We got hit by the WDef virus last week.  Somehow got into the harddrive when
my husband was backing everything up on disks.  The system crashed when I
trieds to log in.  We thought we overloaded it or who knows what.  Turned out
that my husband didnt use Virex one time and infected it all.  Burns me up.
A 14 year old kid in California in 1989 thought he'd play around, and its still
infecting systems.

Aha - WDEF - a Mac virus - something I know about:

I have all kinds of info about WDEF from the Disinfectant Help File,
if you're interested. The gist of it is that unlike most viruses, WDEF
only infects the desktop file. It does not affect applications.

Under system 7, the desktop file has been replaced by the desktop
database (two new invisible files). So only Macs running system 6
are vulnerable. All of the systems I oversee at work are running
sys 7 so I don't have to worry about WDEF. Also-- If I had to worry
about it, I'd get "GateKeepr AID" a free init from Chris Johnson
at utexas.edu which will forever keep WDEF off your system. No need
to pay good money for antivirals that don't always work.

If you have 4M of Ram or more, I would recommend sys 7, which you
can legally get for free if you don't want documentation and support.
It's way cool.

Strongly recommend Gatekeeper for Macs and McAfee's Scan for dos-types
as a standard. kentn, ITD is supposed to make all that anti-virus
totally available..........

The do, TS.  Unfortunately (my :5 above) "the people in charge of the
network" are not I (well maybe that's fortunate...).  It's a new
world on campus now.  ITD is basically out of it as far as most
computing goes (they are actuall forcing people set up their own
systems and thumb their noses at ITD).  This means we now have to deal
with college-level beaurocrats who controll what gets on the network
server and virus-scan software is one of the things they have there
(albeit three versions out of date), but it is not set up to scan
the user's disks, only the user's network space and the user's computer's
harddrive.  So if we want to scan our floppies, which is apparently
where all the virii are coming from, we need to supply our own virus
scan software.  And it is available via archive.umich.edu and the
SAVD ccid on MTS.  It's just the shortsightedness of the system
administrators that's annoying (and the time it takes to grab the
software from the archive).

Re #12: For Macs: Gatekeeper should be used with GK Aid or you won't
be completely protected. (WDEF infection is not stopped by GK,
although it is detected I think) GK Aid catches it in time.

true, srw, sorry if there was an inadvertant ommission previously.
I've always seen the two as a single package - didn';t consider
otherwise with this particular audience.
  
kentn, that;'s the result of shoddy leadership as stated from
my experience. Too bad all those people have to be unwittingly
in the implosion - oh, well, I tried.

I had a virus scare yesterday.  It was a false alarm, but I
thought others might benefit from my experience.
 
I'm running Windows 3.1 and PC Tools.  Central Point Software,
the vendor of PC Tools, released a new DLL, WNFSV1.DLL, to allow
you to view files zipped with pkzip, version 2.04.  I downloaded
the file and installed it.
 
After a couple of days, I rebooted my computer, and MSAV, the
virus checker that comes with MSDOS 6.0, noted that WNFSV1.DLL
had changed.  Being suspicious of this, I ran F-PROT, a shareware
virus checker.  I was an older version, but I ran it anyway.  It
told me I had the Telecom virus in memory.  Now, I was getting
really scared.
 
So, I booted from a clean disk, then downloaded the latest
version of F-PROT.  I ran this, and everything looked cool. So, I
booted up from the hard disk, running MSAV in the process because
it was in my AUTOEXEC.BAT file.  Again, it reported that
WNFSV1.DLL had changed. Yikes!  At this point, I deleted the
file.
 
I ran F-PROT (this time the latest version) again.  F_PROT again
said that it had found traces of the Telecom virus, but this time
the error message said that this was probably because I had run
MSAV or CPAV since booting the computer.
 
So, apparently, this was all a false alarm.  I reinstalled the
WNFSV1.DLL, reran F-PROT, and everything looks clean.  I don't
know why MSAV said that the file had changed.  I would have
expected the attributes to change when I copied the .DLL file
from the floppy disk, telling MSAV that the change was OK.
Apparently, the attributes didn't change, maybe because the file
name is the same.
 
I think in the future, I'm going to use just one anti-virus
program.  Playing around with two of them, each giving you
different results is not good for the nerves.  I also think I'm
going to make F-PROT my standard anti-virus program.  You can't
beat the price (it's free for non-commercial use), and updates
are readily available.

> 
>  People - please note!    The following new computer viruses have been
>  detected.     Please be alert for them when you scan your computers!
> 
> OPRAH WINFREY VIRUS: Your 200MB hard drive suddenly shrinks to 80MB,
> and then slowly expands back to 200MB.
> 
> AT&T VIRUS: Every three minutes it tells you what great service you
> are getting.
> 
> MCI VIRUS: Every three minutes it reminds you that you're paying too
> much for the AT&T virus.
> 
> PAUL REVERE VIRUS: This revolutionary virus does not horse around. It
> warns you of impending hard disk attack---once if by LAN,
> twice if by C:>.
> 
> POLITICALLY CORRECT VIRUS: Never calls itself a "virus", but instead
> refers to itself as an "electronic microorganism."
> 
> RIGHT TO LIFE VIRUS: Won't allow you to delete a file, regardless of
> how old it is. If you attempt to erase a file, it requires
> you to first see a counselor about possible alternatives.
> 
> ROSS PEROT VIRUS: Activates every component in your system, just
> before the whole damn thing quits.
> 
> MARIO CUOMO VIRUS: It would be a great virus, but it refuses to run.
> 
> TED TURNER VIRUS: Colorizes your monochrome monitor.
> 
> ARNOLD SCHWARZENEGGER VIRUS: Terminates and stays resident. It'll be
> back.
> 
> DAN QUAYLE VIRUS: Their is sumthing rong wit your komputer, ewe
> jus cant figyour out watt!
> 
> GOVERNMENT ECONOMIST VIRUS: Nothing works, but all your diagnostic
> software says everything is fine.
> 
> NEW WORLD ORDER VIRUS: Probably harmless, but it makes a lot of people
> really mad just thinking about it.
> 
> FEDERAL BUREAUCRAT VIRUS: Divides your hard disk into hundreds of
> little units, each of which does practically nothing, but all of
> which claim to be the most important part of your computer.
> 
> GALLUP VIRUS: Sixty percent of the PCs infected will lose 38 percent
> of their data 14 percent of the time. (plus or minus a 3.5 percent
> margin of error.)
> 
> TEXAS VIRUS: Makes sure that it's bigger than any other file.
> 
> ADAM AND EVE VIRUS: Takes a couple of bytes out of your Apple.
> 
> CONGRESSIONAL VIRUS: The computer locks up, screen splits erratically
> with a message appearing on each half blaming the other side for the
> problem.
> 
> AIRLINE VIRUS: You're in California, but your data is in Massachusetts.
> 
> FREUDIAN VIRUS: Your computer becomes obsessed with marrying its own
> motherboard.
> 
> PBS VIRUS: Your programs stop every few minutes to ask for money.
> 
> ELVIS VIRUS: Your computer gets fat, slow and lazy, then self
> destructs; only to resurface at shopping malls and service stations
> across rural America.
> 
> OLLIE NORTH VIRUS: Causes your printer to become a paper shredder.
> 
> NIKE VIRUS: Just does it.
> 
> SEARS VIRUS: Your data won't appear unless you buy new cables, power
> supply and a set of shocks from Sear.
> 
> JIMMY HOFFA VIRUS: Your programs can never be found again.
> 
> CONGRESSIONAL VIRUS #2: Runs every program on the hard drive
> simultaneously, but doesn't allow the user to accomplish anything.
> 
> KEVORKIAN VIRUS: Helps your computer shut down as an act of mercy.
> 
> IMELDA MARCOS VIRUS: Sings you a song (slightly off key) on boot up,
> then subtracts money from your bank account and spends it all
> on expensive shoes it purchases through Prodigy.  After it had tried to
> spend it through CompuServe but was unable to find anything worth
> purchasing in their mall system.
> 
> STAR TREK VIRUS: Invades your system in places where no virus has gone
> before.
> 
> HEALTH CARE VIRUS: Tests your system for a day, finds nothing wrong,
> and sends you a bill for $4,500.
> 
> GEORGE BUSH VIRUS: It starts by boldly stating, "Read my docs....No new
> files!" on the screen. It proceeds to fill up all the free space on
> your hard drive with new files, then blames it on one of the
Congressional
> Virus'.
> 
> CLEVELAND INDIANS VIRUS: Makes your 486/50 machine perform like a 286/AT.
> 
> LAPD VIRUS: It claims it feels threatened by the other files on your PC
> and erases them all in "self defense".
> 
> CHICAGO CUBS VIRUS: Your PC makes frequent mistakes and comes in last in
> the reviews, but you still love it.
> 
> ORAL ROBERTS VIRUS:  Claims that if you don't send it a million dollars,
> it's programmer will take it back.
> 
> VAMPIRE VIRUS:  Screen goes black and mesmerizing displays appear on
> the monitor.  When it feels it has the user under control, sound board
> makes unusually noises sounding like a maniacal laughter then slurping,
> sucking sounds as the RAM, disk space and hard drive configurations
> slowly decrease.  There is no scan that can detect it however, if
> caught early, exposing the CPU to sunlight will destroy it.

I had a virus on my mac which would engage macintalk once every couple of
weeks and just say "Don't Panic."    That's all it would do.  It never 
interfered with any other functions.
        I have long since eliminated this virus with a cluster attack of
several shareware virus programs.

You can record anything you want to replace that "boing" that
announces an error of some kind. Was it a virus, or some "friend"
that changed your...(found it) "Alert sound"?

Nope.  You have to have a sound resource for it to call, and there is nobody
who would have used my machine who would know how to rig something like that
anyway.  Besides, it was a spontaneous, irregular occurence.

It is a property of the nVir A virus that it says "Don't Panic" if you have
Macintalk installed.

nVir A and all the other Mac viruses are described in Disinfectant"
by John Norstad. Disinfectant is free, and it is the source of this info.

I scan memory, io.sys, dos.sys, command.com and the boot manager block daily,
most commands once per week, and all hard drive space once per month.  I do
this using a scheduling program I wrote. 
I also scan everything I get from somewhere else.  I actually got a file full
of several viruses from a binaries group on usenet.  I still have it, but I
don't run anything from that .zip.  ;)  It was a bit reasuring to have the
scan software say something other than OK for once.  I was begining to wonder
if it worked.

 I run "Speed Disk" weekly to defrag my HD, and a disinfectant every time I
startup. I am anal about getting a virus.

I have an evil eye and a wooden spirit-warding statue on my monitor.
Works most of the time, but it didn't keep Windows 95 from spreading
to my hard disk.

 I can't decide if Win 95 is a virus or an OS ;)

So far I have been safe from the Win95 virus.  I was nearly infected by the
WinNT virus which marks all sectors on your HD as used, but the virus crashed
when it discovered that my CD-ROM is not SCSI.

Have you written to the author to see if there's an update?  ;-)
 
I used to get the Stoned virus periodically.  Much of its success was due to
its being unobtrusive, just trying to spread, but a bug caused it to garble
the directory structure of 3.5" floppies with more than a certain number of
files (32ish?) in the root directory.  Quite annoying to have a buggy virus!

We got the WinWord.Concept virus at work, and spread it to a few clients
before we discovered it.  :(  That's one of the virii that's a bunch of Word
macros, and can attach themselves to Word documents.  It doesn't actually have
any destructive code, but it spreads as source code, so it would be easy to
modify to include destructive stuff.  Fortunately, it's easy to trick it into
thinking a computer is already infected and not to infect (just keep an empty
"PayLoad" macro in your normal.dot).  I've been somewhat tempted to take the
source to that and modify it into something that will chase after the
WinWord.Concept virus and get rid of it, but that probably wouldn't be a good
idea.

Our office was attacked with a new virus on MSWord files.  It was undetectable
by the virus guard that we were using (McAfee 2.2.9) and it behaved something
like the Concept virus.  It causes MSword files to be saved as template files.
The name of this virus is N-Pad.  

Hmm. I haven't heard of that one. Did it define macros for you, like concept?
That would make it easy to spot an infection, even if you don't have special
software. Also it is possible to train word to warn you before saving macros,
which can catch an attempted attack of "concept". It would do for n-pad, too,
if it worked the same way.

Hmmm.....   I don't know, but I'll check.  Thanks!

Response not possible - You must register and login before posting.

- Backtalk version 1.3.30 - Copyright 1996-2006, Jan Wolter and Steve Weiss