Disinfectant has just been updated to version 3.0. It should be available in the Mac Software Library real soon now. [ED: It's file #27066 - JIM] Following is John Norstad's announcement for the new version:
Disinfectant 3.0 is a new release of our free Macintosh anti-viral utility.
Version 3.0 detects the new T4-C strain of the T4 virus and a new version of the CDEF virus.
The new T4-C strain of the T4 virus is very similar to the T4-A strain. It was discovered at the University of Illinois at Urbana-Champaign by a Gatekeeper user when an infected application attempted to rename itself "Disinfectant". Thanks to Chris Johnson and his Gatekeeper program for helping to discover this new strain.
The new version of the CDEF virus was discovered in New York. There are only minor technical differences between the new version and the original virus. Unfortunately, the new version escaped detection by the Disinfectant version 2.9 protection INIT (but not by the application). The Disinfectant version 3.0 INIT fixes this problem. In version 3.0, both the INIT and the application recognize both the original virus and the new version.
Please consult the Disinfectant online manual for more detailed information about the T4 and CDEF viruses.
Note that this version 3.0 is NOT a major new release of Disinfectant with major new features. Normally, with Mac programs, a minor upgrade is indicated by increasing the number after the decimal point in the version number. According to this rule, this new version should be numbered 2.10. Unfortunately, Apple's version numbering scheme does not permit more than one digit after the decimal point. For this reason, this new version is numbered 3.0.
We also fixed some errors which could cause crashes when scanning pathological files with very large resources (e.g., the "PSpice" program).
This version also fixes a problem with Aladdin Systems' StuffIt SpaceSaver product. In some cases, Disinfectant would improperly report that compressed files had damaged resource forks.
Disinfectant 3.0 is available now via anonymous FTP from site ftp.acns.nwu.edu [129.105.113.52]. It will also be available soon on sumex- aim.stanford.edu and info-mac mirror sites, rascal.ics.utexas.edu, comp.binaries.mac, America Online, CompuServe, GEnie, Delphi, BIX, MacNet, Calvacom, and other popular sources of free and shareware software.
Macintosh users who do not have access to electronic sources of free and shareware software may obtain a copy of Disinfectant by sending a self- addressed stamped envelope and an 800K floppy disk to the author at the address given below. People outside the US may send an international postal reply coupon instead of US stamps (available from any post office). Please use sturdy envelopes, preferably cardboard disk mailers.
People in Western Europe may obtain a copy of the latest version of Disinfectant by sending a self-addressed disk mailer and an 800K floppy disk to macclub benelux. Stamps are not required. The address is:
macclub benelux Disinfectant Update Wirtzfeld Valley 140 B-4761 Bullingen Belgium
Mactivity-macclub benelux also offers an international update service for Disinfectant. This service is available to people anywhere in the world, not just Western Europe. For a fee they will send you new versions of Disinfectant as new viruses appear. Write to them at the above address for more information.
John Norstad Academic Computing and Network Services Northwestern University 2129 Campus Drive North Evanston, IL 60208 USA j-norstad@nwu.edu (J.R.MACAK, CAT5, TOP50, MSG:25/m605)
************ Topic 29
Wed Mar 09, 1988 J.PENNER (Forwarded) Sub: virus programs
this is about virus programs, and trojan horses, and other neat & nasty things that spread themselves.
CDEF Damage: as with CDEF Spread: unknown Systems affected: Apple Macintosh computers running pre-Version 7.
A minor variant of the CDEF virus has been discovered. The damage and effects are identical to the original CDEF virus. CDEF viruses only affect Macintoshes running a version of the Mac OS prior to Version 7.
Almost all Macintosh anti-virus tools already detect this new strain of CDEF. The authors of all other major Macintosh anti-virus tools are planning updates to their tools to recognize this virus variant. Some of these are listed below. We recommend that you obtain and run a CURRENT version of AT LEAST ONE of these programs.
Second Virus (Variant):
T4-C Damage: altered boot code; altered/damaged applications; damaged system Spread: unknown Systems affected: Apple Macintosh computers. All types.
The T4 virus was discovered in June of 1992. A previously unseen variant, being called T4-C, has recently been discovered. Many machines at the discovering site have been affected by T4-C, and the potential for wider dissemintion exists.
Like the other T4 strains, this virus attempts to modify system boot code, and also changes the names of some applications to "Disinfectant". The virus does not work as (we assume) the author intended, and files may be left with changed names and possibly other damage. The system file may also be altered, and the damage may render some systems unbootable.
The virus also attempts to modify application files on the system disk. These alterations may damage some applications by overwriting portions of the programs with the virus code; as a result, some damaged applications may need to be reinstalled after the virus has been removed.
Once installed and active, the T4-C virus does not appear to perform any other overt damage. The virus, when active, may print a message indicating that the system is infected with the T4 virus.
Some Macintosh anti-virus tools already detect this new strain of T4. The authors of all other major Macintosh anti-virus tools are planning updates to their tools to locate and/or eliminate this virus. Some of these are listed below. We recommend that you obtain and run a CURRENT version of AT LEAST ONE of these programs.
Updated Mac Anti-Virus Products
Tool: Central Point Anti-Virus
Status: Commercial software
Revision to be released: 2.01c
Where to find: Compuserve, America Online, sumex-aim.stanford.edu, Central Point BBS, (503) 690-6650
When available: immediately
Notes: Users do not need a revision of the AV application. Users need to obtain the 2/24/93 version of the MacSig file.
Tool: Disinfectant
Status: Free software (courtesy of Northwestern University and John Norstad)
Revision to be released: 3.0
Where to find: usual archive sites and bulletin boards -- ftp.acns.nwu.edu, sumex-aim.stanford.edu, rascal.ics.utexas.edu, AppleLink, America Online, CompuServe, Genie, Calvacom, MacNet, Delphi, comp.binaries.mac
When available: immediately
Note: release 3.0 is *not* a major new release of Disinfectant. Be sure to read the release notes for details of the version number change.
Tool: Gatekeeper
Status: Free software (courtesy of Chris Johnson)
Revision to be released: No new revision needed; 1.2.7 works for both.
Where to find: usual archive sites and bulletin boards -- microlib.cc.utexas.edu, sumex-aim.stanford.edu, rascal.ics.utexas.edu, comp.binaries.mac
When available: immediately
Tool: Rival
Status: Commercial software
Revision to be released: All current versions starting with 1.1.9w are effective; no new release is needed.
Where to find it: GEnie, AppleLink, America Online, Internet, Compuserve.
When available: Immediately.
Tool: SAM (Virus Clinic and Intercept)
Status: Commercial software
Revision to be released: 3.5.3
Where to find: CompuServe, America Online, Applelink, Symantec's Customer Service @ 800-441-7234
When available: immediately
Notes: SAM 3.5 and SAM Intercept 3.0 both recognize these viruses, and both can remove the CDEF strain. An update is required to remove the T4-C strain from undamaged files. This may be obtained from the locations listed above, or by ftp from rascal.ics.utexas.edu in the mac/virus-catchers/SAM directory.
Tool: Virex
Status: Commercial software
Revision to be released: Current version is effective: 3.91
Where to find: Microcom, Inc (919) 490-1277
When available: February 28
Comments: Virex 3.91 will detect the viruses in any file, and repair any file that has not been permanently damaged. Users of Virex, version 3.82 or greater, are already able to detect the T4-C infection. The CDEF virus is detected and repaired in versions 3.0 and greater. All Virex subscribers will automatically be sent an update on diskette. All other registered users will receive a notice by mail. Datawatch's BBS number is: (919) 419-1602.
Tool: VirusDetective
Status: Shareware
Revision to be released: no new release is needed; current version is 5.0.6
When available: immediately
If you discover what you believe to be a virus on your Macintosh system, please report it to the vendor/author of your anti-virus software package for analysis. Such reports make early, informed warnings like this one possible for the rest of the Mac community. If you are otherwise unsure of who to contact, you may send e-mail to spaf@cs.purdue.edu as an initial point of contact.
Also, be aware that writing and releasing computer viruses is more than a rude and damaging act of vandalism -- it is also a violation of many state and Federal laws in the US, and illegal in several other countries. If you have information concerning the author of this or any other computer virus, please contact any of the anti-virus providers listed above. Several Mac virus authors have been apprehended thanks to the efforts of the Mac user community, and some have received criminal convictions for their actions. This is yet one more way to help protect your computers.
