New Macintosh Virus Discovered (INIT-29-B) - April 1994
Jump to navigation Jump to search
New Macintosh Virus Discovered (INIT-29-B) 2 April 1994 Virus: INIT-29-B Damage: Alters applications, system files, and documents. May cause unexpected program failures or system crashes. Spread: few reported cases yet, but might have spread widely. Systems affected: All Apple Macintosh computers, all systems. The INIT-29 virus first appeared in late 1988. We do not know much about its origin. A variant of the INIT-29 virus has recently been discovered at a West Coast US site. Its behavior is similar to that of the original INIT-29 virus. Both strains of INIT-29 spread quickly and widely. INIT-29 viruses will alter and infect almost every kind of file, including document (data) files; infected document files do not spread the INIT-29 virus, however. All versions of INIT-29 will infect both applications and systems files, and will spread from those files. An application on an infected computer may itself become infected even if it is not launched or executed. INIT-29 viruses may reveal themselves when a locked floppy disk is inserted in the disk drive. An infected Mac will display the alert: The disk "xxxxx" needs minor repairs. Do you want to repair it? Previous experience with the original INIT-29 virus indicates that the INIT-29-B version may cause printing problems and unexpected crashes. Some applications may fail to run correctly. Damage may occur as a result of the file and application modifications. According to feedback from the publishers and authors of the major anti-viral software programs, information about possibly needed upgrades to known, actively supported Mac anti-virus products is as follows: Tool: Central Point Anti-Virus Status: Commercial software Revision to be released: 3.0d Where to find: Compuserve, America Online, sumex-aim.stanford.edu, Central Point BBS, (503) 690-6650 When available: now Comments: New 'MacSig' antidote file available - dated 4/2/94. Tool: Disinfectant Status: Free software (courtesy of Northwestern University and John Norstad) Revision to be released: 3.5 When available: now Where to find: usual archive sites and bulletin boards -- ftp.acns.nwu.edu, sumex-aim.stanford.edu, rascal.ics.utexas.edu, AppleLink, America Online, CompuServe, Genie, Calvacom, MacNet, Delphi, comp.binaries.mac Tool: Gatekeeper Status: Free software (courtesy of Chris Johnson) Revision to be released: 1.3.1 When available: last released version (1.3) is effective; no update needed Where to find: usual archive sites and bulletin boards -- microlib.cc.utexas.edu, sumex-aim.stanford.edu, rascal.ics.utexas.edu, comp.binaries.mac Comments: revision 1.3.1 (responding to INIT-9403) remains pending; release date is currently not available. It is recommended that you use the latest version of Disinfectant INIT together with the latest released version of GateKeeper; this will provide satisfactory protection. Tool: Rival Status: Commercial software Revision to be released: N/A When available: now. Where to find it: America Online: RIVAL, AppleLink: TESTNONE, Compuserve: 73112,2144, Internet: [email protected] Comments: The current version of Rival detects and removes INIT-29-B Tool: SAM (Virus Clinic and Intercept) Status: Commercial software Revision to be released: 3.5.12 When available: now Where to find: CompuServe, America Online, Applelink, Symantec's Customer Service @ 800-441-7234 Comments: Updates to various versions of SAM to detect and remove INIT-29-B are available from the above sources. Tool: Virex Status: Commercial software Revision to be released: 5.03 Where to find: Datawatch Corporation (919) 549-0711 When available: now Comments: Virex 5.03 will detect the INIT29-B in any file, and repair any file that has not been permanently damaged. All Virex Protection Service members will automatically be sent an update on diskette. All other registered users will receive a notice by mail. Datawatch's BBS number is: (919) 549-0042. UDV Code for INIT29-B Guide Number = 15753664 1: 0302 3000 1276 0000 / 57 2: A9F0 303C A997 A146 / 9D 3: 2028 FFFC 8180 9090 / 4C Tool: VirusDetective Status: Shareware Revision to be released: N/A When available: now Where to find: various Mac archives Comments: VirusDetective is shareware. The current version (5.0.11) identifies INIT-29-B. If you discover what you believe to be a virus on your Macintosh system, please report it to the vendor/author of your anti-virus software package for analysis. Such reports make early, informed warnings like this one possible for the rest of the Mac community. If you are otherwise unsure of who to contact, you may send e-mail to [email protected] as an initial point of contact. Also, be aware that writing and releasing computer viruses is more than a rude and damaging act of vandalism -- it is also a violation of many state and Federal laws in the US, and illegal in several other countries. If you have information concerning the author of this or any other computer virus, please contact any of the anti-virus providers listed above. Several Mac virus authors have been apprehended thanks to the efforts of the Mac user community, and some have received criminal convictions for their actions. This is yet one more way to help protect your computers.