#1
Mac Virus ALERT! Do not open email topic "Class Synopsis"
I received this file from a friend by accident, no blame, it could happen to any one of us. The title of the email is "Class Synopsis" or "I send this file asking for your advice." It's a "mean spirited" well written little program. The actual attachment is a .PIF file. After having a look at its source code I found out that P.I.F. means "Puter Is Fu****". After spending all yesterday ridding my network of the virus, an almost impossible task once loosed on your Mac; without a lot of Mac knowledge, programming knowledge, specialized software tools and a lot of time. Neither Norton Anti Virus nor any of the mainstream virus tools recognizes it as a virus.

The program is designed to destroy any boot device used as a staging area (a temporary platform or system of platforms used for support) to attack it from. It tells the current OS that all HD's are full, zero K available on all disks, so no place to install tools to help you out; boot from a CD and it attacks all HD drivers. With each fresh boot up, it spreads until you have no place to stage a counter attack from... even a floppy is infected upon booting from one. I have to admire the bastard who wrote it, everything I could think of, he had already thought of, except one thing.

Disconnect all HD's, boot from CD-ROM (a Locked Volume, with Norton SystemWorks on it). Turn Norton Anti Virus on, set to full protection; although Norton does not recognize the virus, it allows you to stop "Virus like activity." Re-attach HD's one at a time, re-boot (NORTON WARNING=STOP ALL VIRUS LIKE ACTIVITY=RESPOND YES) after each HD is attached, install a new driver on each HD as soon as it mounts, with Apple Drive Setup, and run Norton Disk Doctor on the disc. The virus seems to attack HD drivers as step one, step two attacks B-Tree directory info, step three is Master Directory Block/Driver attack wave two.

In short, make a bootable CD on another computer, with Norton SystemWorks installed on the CD's system you create, set CD to auto-launch Norton from the CD, set to FULL VIRUS protection. Disconnect all discs from the infected CPU. Boot from the CD you made once with no HD's attached, then attach HD#1, reboot from the CD you made, instantly install an Apple HD driver as soon as the volume mounts or does not mount but is recognized, and run Norton Disk Doctor. Do this for each disc one at a time. The virus untreated will eventually wipe out all your MDB's and crash your HD's....

OF COURSE, IF YOU RECEIVE A "PIF" ATTACHMENT or THIS EMAIL VIRUS MSG., DO NOT OPEN THE ATTACHMENT. ERASE RIGHT AWAY.

------------------
FWD: PLEASE NOTE: A virus was sent to me, randomly. It's sending it out, randomly... Some people were in my address book, others were not. The Subject seems to be changing -- the one I've sent is "Class Synopsis". Regardless of Subject, DO NOT open the file attachment if you get a message from me that reads: "Hi. How are you? I send you this file in order to have your advice."
------------------
#2
Re: Mac Virus ALERT! Do not open email topic "Class Synopsis"
Thanks, E, for yet another informative & important post.
__________________
Paul Berolzheimer Sound recording & manipulation since 1980 [email protected] (818) 549-0622
#3
Re: Mac Virus ALERT! Do not open email topic "Class Synopsis"
Hey E! I received that email/virus last week from a record company. They called and warned me after I'd already tried to open it using Word & from inside of Virtual PC (since it said it was an Office doc). Anyway, Norton didn't recognize it as a virus but I trashed it, and so far seem to have suffered no ill effects. Still wondering if it's lingering around waiting to cause future damage. Also, no one in my address book seems to have gotten it from me, so maybe it's gone.
#4
Re: Mac Virus ALERT! Do not open email topic "Class Synopsis"
Originally posted by Darrell Diaz:
> Hey E! I received that email/virus last week from a record company. They called and warned me after I'd already tried to open it using Word & from inside of Virtual PC (since it said it was an Office doc). Anyway, Norton didn't recognize it as a virus but I trashed it, and so far seem to have suffered no ill effects. Still wondering if it's lingering around waiting to cause future damage. Also, no one in my address book seems to have gotten it from me, so maybe it's gone.

I took the exact steps you did, Word/VPC. Yes, the virus is possibly still on your system. Do a search by .pif: use command F, then hit command M while Sherlock is open. Check "file is invisible", enter .pif as a search string, then search. I found that the virus had made an outgoing file, dozens of them for each email program I had. Each outgoing file was set to be sent on Oct 17. I erased all the invisible files and suddenly my HD's reflected the correct amount of space available; I freed up about 20 gigs doing this. Also empty the trash cache, after taking a look at what is inside it. This is a nasty virus. Do a final search for invisible files: enter no text string, just search with invisible checked and look at what you see. So far everything seems OK, after getting rid of the invisible virus files. Regards e
#5
Re: Mac Virus ALERT! Do not open email topic "Class Synopsis"
Originally posted by editor:
> I received this file from a friend by accident, no blame, it could happen to any one of us. The title of the email is "Class Synopsis" or "I send this file asking for your advice."

Doesn't look like a Mac virus, but check out one of the following for more info:
http://vil.mcafee.com/dispVirus.asp?virus_k=99141&
http://vil.nai.com/vil/virusSummary.asp?virus_k=99141
http://www.symantec.com/avcenter/[email protected]
#6
Re: Mac Virus ALERT! Do not open email topic "Class Synopsis"
__________________
"The original nipper" Throw me a bone (Telefunken DI is ok too)
#7
Re: Mac Virus ALERT! Do not open email topic "Class Synopsis"
Sounds like the dreaded malformed macro...
FX both .pc and macintosh platforms- MS Excel & Powerpoint 97,98,2000,2001,2002 The fix is from Microsoft. http://www.microsoft.com/technet/tre...n/MS01-050.asp
__________________
"The original nipper" Throw me a bone (Telefunken DI is ok too)
#8
Re: Mac Virus ALERT! Do not open email topic "Class Synopsis"
I read somewhere that if you create a new contact in your address book and name it **!0000 with no e-mail address and put it at the top of your contact list, it will stop outgoing viruses. I did it. Don't know if it works.
#9
Re: Mac Virus ALERT! Do not open email topic "Class Synopsis"
Originally posted by lamp:
> I read somewhere that if you create a new contact in your address book and name it **!0000 with no e-mail address and put it at the top of your contact list, it will stop outgoing viruses. I did it. Don't know if it works.

It won't.
__________________
Park The Transfer Lab at Video Park Analog tape to Pro Tools transfers, 1/4"-2" http://www.videopark.com MacPro 6 core 3.33 GHz, OS 10.12.1, 8 GB RAM, PT12.6.1, Focusrite Saffire Pro 40, PreSonus DigiMax, MC Control V3.5, dual displays, Neumann U-47, Tab V76 mic pre, RCA 44BX and 77DX, MacBook Pro 9,1, 2.3 Mhz, i7, CBS Labs Audimax and Volumax. Ampex 440B half-track and four-track, 351 tube full-track mono, MM-1100 16-track.
#10
Re: Mac Virus ALERT! Do not open email topic "Class Synopsis"
(We got the Snowite(sp) virus {Sircan Worm} this summer.... Spit out 2,000 copies of itself in one hour, from inbox addresses.) But that's .pc only.
Norton only catches it after LiveUpdate, FWIW. Now if anyone can figure out how to run a binary executable on a Macintosh... I can apply the 'fix'. Those Microsoft wizards did it again.
__________________
"The original nipper" Throw me a bone (Telefunken DI is ok too)