New Macintosh Virus Discovered (INIT-29-B)
2 April 1994
Virus: INIT-29-B
Damage: Alters applications, system files, and documents.
May cause unexpected program failures or system crashes.
Spread: few reported cases yet, but might have spread widely.
Systems affected: All Apple Macintosh computers, all systems.
The INIT-29 virus first appeared in late 1988. We do not know much
about its origin. A variant of the INIT-29 virus has recently been
discovered at a West Coast US site. Its behavior is similar to that
of the original INIT-29 virus.
Both strains of INIT-29 spread quickly and widely. INIT-29 viruses
will alter and infect almost every kind of file, including document
(data) files; infected document files do not spread the INIT-29 virus,
however. All versions of INIT-29 will infect both applications and
systems files, and will spread from those files. An application on an
infected computer may itself become infected even if it is not
launched or executed.
INIT-29 viruses may reveal themselves when a locked floppy disk is
inserted in the disk drive. An infected Mac will display the alert:
The disk "xxxxx" needs minor repairs.
Do you want to repair it?
Previous experience with the original INIT-29 virus indicates that the
INIT-29-B version may cause printing problems and unexpected crashes.
Some applications may fail to run correctly. Damage may occur as a
result of the file and application modifications.
According to feedback from the publishers and authors of the major
anti-viral software programs, information about possibly needed
upgrades to known, actively supported Mac anti-virus products is as
follows:
Tool: Central Point Anti-Virus
Status: Commercial software
Revision to be released: 3.0d
Where to find: Compuserve, America Online, sumex-aim.stanford.edu,
Central Point BBS, (503) 690-6650
When available: now
Comments: New 'MacSig' antidote file available - dated 4/2/94.
Tool: Disinfectant
Status: Free software (courtesy of Northwestern University and
John Norstad)
Revision to be released: 3.5
When available: now
Where to find: usual archive sites and bulletin boards --
ftp.acns.nwu.edu, sumex-aim.stanford.edu,
rascal.ics.utexas.edu, AppleLink, America Online,
CompuServe, Genie, Calvacom, MacNet, Delphi,
comp.binaries.mac
Tool: Gatekeeper
Status: Free software (courtesy of Chris Johnson)
Revision to be released: 1.3.1
When available: last released version (1.3) is effective; no
update needed
Where to find: usual archive sites and bulletin boards --
microlib.cc.utexas.edu, sumex-aim.stanford.edu,
rascal.ics.utexas.edu, comp.binaries.mac
Comments: revision 1.3.1 (responding to INIT-9403) remains
pending; release date is currently not available. It is
recommended that you use the latest version of Disinfectant
INIT together with the latest released version of GateKeeper;
this will provide satisfactory protection.
Tool: Rival
Status: Commercial software
Revision to be released: N/A
When available: now.
Where to find it:
America Online: RIVAL, AppleLink: TESTNONE,
Compuserve: 73112,2144, Internet: [email protected]
Comments:
The current version of Rival detects and removes INIT-29-B
Tool: SAM (Virus Clinic and Intercept)
Status: Commercial software
Revision to be released: 3.5.12
When available: now
Where to find: CompuServe, America Online, Applelink, Symantec's
Customer Service @ 800-441-7234
Comments: Updates to various versions of SAM to detect and remove
INIT-29-B are available from the above sources.
Tool: Virex
Status: Commercial software
Revision to be released: 5.03
Where to find: Datawatch Corporation (919) 549-0711
When available: now
Comments: Virex 5.03 will detect the INIT29-B in any file, and repair
any file that has not been permanently damaged.
All Virex Protection Service members will automatically be sent an update
on diskette. All other registered users will receive a notice by mail.
Datawatch's BBS number is: (919) 549-0042.
UDV Code for INIT29-B
Guide Number = 15753664
1: 0302 3000 1276 0000 / 57
2: A9F0 303C A997 A146 / 9D
3: 2028 FFFC 8180 9090 / 4C
Tool: VirusDetective
Status: Shareware
Revision to be released: N/A
When available: now
Where to find: various Mac archives
Comments: VirusDetective is shareware.
The current version (5.0.11) identifies INIT-29-B.
If you discover what you believe to be a virus on your Macintosh
system, please report it to the vendor/author of your anti-virus
software package for analysis. Such reports make early, informed
warnings like this one possible for the rest of the Mac community. If
you are otherwise unsure of who to contact, you may send e-mail to
[email protected] as an initial point of contact.
Also, be aware that writing and releasing computer viruses is more
than a rude and damaging act of vandalism -- it is also a violation of
many state and Federal laws in the US, and illegal in several other
countries. If you have information concerning the author of this or
any other computer virus, please contact any of the anti-virus
providers listed above. Several Mac virus authors have been
apprehended thanks to the efforts of the Mac user community, and some
have received criminal convictions for their actions. This is yet one
more way to help protect your computers.