Sun, 30 Aug 1998 08:10:58 -0800
From: [log in to unmask]
Date: Sat, 29 Aug 1998 16:21:09 EDT
To: [log in to unmask]
Subject: Mac virus/worms.
X-MIME-Autoconverted: from quoted-printable to 8bit by mail.cruzio.com id
If you want to share some info I have found, you can pass this on.
Up to date virus definations.
About mid-July we were informed by a service bureau that one of our disks had
a virus. We purchased Norton AntiVirus by Symantec. The program initially
reported virus-like activity "DelDB" and that it was deleted on our 3 Power
Macs and all the Zip disks. Great!!!
We thought the problem was solved. But then the AutoScan feature began
issuing warnings that a virus-like program was attempting to start up. The
program was named DelDesktop Print Spooler, which sounds similar to DelDB.
However, it sounds innocent enough and in ignorance we may have clicked
"Allow" at one point. It was not clear that this was a virus so I attempted
to contact the Symantec helpline, but even after staying on the line 30-45
minutes (on our nickel) had no results. Several attempts were made. Some of
their phone numbers are not current!
We even purchased Virex, which was published Dec/1997 so it is
already out of
date & couldn't find any AutoStart worms. There was no online help or
updating server. They did not respond to our problem and a request for an
The "AutoStart' Virus/worm can quickly fool the virus detection
stating that 'no viruses are present', but soon we couldn't print & then Quark
& Word wouldn't open. Files were crashing on all 3 machines. Although I
couldn't speak with a "live" tech, fortunately my Norton AntiVirus program is
on a CD that was updated in May of 1998, plus they offer updates through their
online server. After the update was downloaded we were able to begin to
laborously route out the "DelDB" AutoStart worm.
The latest Norton solutions were posted July 10 & July 26 which
very current with the epidemic of viruses for Mac. If the 'AutoStart worm' is
present you will often see "DelDB" or "Del Desktop Print Spooler" as an
application file or in extensions folder. Sometimes they can be seen without
the AntiVirus detection program. But usually their icons cannot be seen except
on the AntiVirus menu.
These programs look innocent & they can hide; so after updating,
hard disks and run the program on all removable media by opening and scanning
every file – not just the whole disk.
This was a very costly period of time. From first awareness to
functional again, we lost over a month. I would like to propose to everyone
who will listen that we report the first finding of a virus to a information
center. If we check our online activities and which disks sent out or came to
us infected, perhaps we can zero in on the origination of some of this
mischief. Also the provenders of Virus solutions should be more involved with
[log in to unmask]