New Macintosh Virus Discovered (INIT-29-B) - April 1994

 	       New Macintosh Virus Discovered (INIT-29-B)
 			     2 April 1994
 
 
 Virus: INIT-29-B
 Damage: Alters applications, system files, and documents.
 	May cause unexpected program failures or system crashes.
 Spread: few reported cases yet, but might have spread widely.
 Systems affected: All Apple Macintosh computers, all systems.
 
 
 The INIT-29 virus first appeared in late 1988. We do not know much
 about its origin.  A variant of the INIT-29 virus has recently been
 discovered at a West Coast US site.  Its behavior is similar to that
 of the original INIT-29 virus.
 
 Both strains of INIT-29 spread quickly and widely.  INIT-29 viruses
 will alter and infect almost every kind of file, including document
 (data) files; infected document files do not spread the INIT-29 virus,
 however.  All versions of INIT-29 will infect both applications and
 systems files, and will spread from those files.  An application on an
 infected computer may itself become infected even if it is not
 launched or executed.
 
 INIT-29 viruses may reveal themselves when a locked floppy disk is
 inserted in the disk drive.  An infected Mac will display the alert:
       The disk "xxxxx" needs minor repairs.
       Do you want to repair it?
 
 Previous experience with the original INIT-29 virus indicates that the
 INIT-29-B version may cause printing problems and unexpected crashes.
 Some applications may fail to run correctly.  Damage may occur as a
 result of the file and application modifications.
 
 
 According to feedback from the publishers and authors of the major
 anti-viral software programs, information about possibly needed
 upgrades to known, actively supported Mac anti-virus products is as
 follows:
 
 
     Tool: Central Point Anti-Virus
     Status: Commercial software
     Revision to be released: 3.0d
     Where to find: Compuserve, America Online, sumex-aim.stanford.edu,
                    Central Point BBS, (503) 690-6650
     When available: now
     Comments: New 'MacSig' antidote file available - dated 4/2/94.
 
 
     Tool: Disinfectant
     Status: Free software (courtesy of Northwestern University and
 		John Norstad)
     Revision to be released: 3.5
     When available: now
     Where to find: usual archive sites and bulletin boards --
 	           ftp.acns.nwu.edu, sumex-aim.stanford.edu,
                    rascal.ics.utexas.edu, AppleLink, America Online,
                    CompuServe, Genie, Calvacom, MacNet, Delphi,
                    comp.binaries.mac
 
 
     Tool: Gatekeeper
     Status: Free software (courtesy of Chris Johnson)
     Revision to be released: 1.3.1
     When available: last released version (1.3) is effective; no
 	update needed
     Where to find: usual archive sites and bulletin boards --
 	           microlib.cc.utexas.edu, sumex-aim.stanford.edu,
                    rascal.ics.utexas.edu, comp.binaries.mac
     Comments: revision 1.3.1 (responding to INIT-9403) remains
 	pending; release date is currently not available.  It is
 	recommended that you use the latest version of Disinfectant
 	INIT together with the latest released version of GateKeeper;
 	this will provide satisfactory protection.
 
 
     Tool: Rival
     Status: Commercial software
     Revision to be released: N/A
     When available: now.
     Where to find it: 
         America Online: RIVAL, AppleLink: TESTNONE,
         Compuserve: 73112,2144, Internet: [email protected]
     Comments:
 	The current version of Rival detects and removes INIT-29-B 
  
 
     Tool: SAM (Virus Clinic and Intercept)
     Status: Commercial software
     Revision to be released: 3.5.12
     When available: now
     Where to find: CompuServe, America Online, Applelink, Symantec's
                    Customer Service @ 800-441-7234
     Comments: Updates to various versions of SAM to detect and remove
           INIT-29-B are available from the above sources.
 
 
     Tool: Virex
     Status: Commercial software
     Revision to be released: 5.03
     Where to find: Datawatch Corporation (919) 549-0711 
     When available: now
     Comments: Virex 5.03 will detect the INIT29-B in any file, and repair
      any file that has not been permanently damaged. 
      All Virex Protection Service members will automatically be sent an update
      on diskette.  All other registered users will receive a notice by mail.
      Datawatch's BBS number is:  (919) 549-0042.
 	UDV Code for INIT29-B
 	Guide Number = 15753664
 	1: 0302 3000 1276 0000 / 57
 	2: A9F0 303C A997 A146 / 9D
 	3: 2028 FFFC 8180 9090 / 4C
 
 
     Tool: VirusDetective
     Status: Shareware
     Revision to be released: N/A
     When available: now
     Where to find: various Mac archives
     Comments: VirusDetective is shareware.  
 	The current version (5.0.11) identifies INIT-29-B.
 
 
 If you discover what you believe to be a virus on your Macintosh
 system, please report it to the vendor/author of your anti-virus
 software package for analysis.  Such reports make early, informed
 warnings like this one possible for the rest of the Mac community.  If
 you are otherwise unsure of who to contact, you may send e-mail to
 [email protected] as an initial point of contact.
 
 Also, be aware that writing and releasing computer viruses is more
 than a rude and damaging act of vandalism -- it is also a violation of
 many state and Federal laws in the US, and illegal in several other
 countries.  If you have information concerning the author of this or
 any other computer virus, please contact any of the anti-virus
 providers listed above.  Several Mac virus authors have been
 apprehended thanks to the efforts of the Mac user community, and some
 have received criminal convictions for their actions.  This is yet one
 more way to help protect your computers.