Re: [Clamav-users] question about Clamav anti virus for old …

Author: Jim Preston
Date:  
To: ClamAV users ML
Subject: Re: [Clamav-users] question about Clamav anti virus for old mac OS 9.2
Tom Shaw wrote:
> At 9:42 AM +0100 6/23/09, wrote:
>
>> Hi there. Thanks for all the info.
>>
>> The virus is : OF97/Tristate-C
>>
>> We are running a G4 on 9.2.2. Theoretically we could upgrade to osX, but we
>> will be getting new machines in the next couple of months, and our current
>> main system (filemaker 4.1) obviously won't work on osX, as I think the
>> current one is filemaker 9. So we just need to make these machines limp
>> along for a couple more months until our new database system for filemaker 9
>> is written. My main worry, as this is apparently a 'low threat virus' and
>> isn't really affecting us, but when I send a word doc to someone it is
>> either erased, or says it has a virus.
>>
>> As I was going to do some work from home and needed to take files from the
>> affected machine, I didn't want to infect my brand new mac book pro! So I
>> was just trying to see whether I could kill the virus on these machines
>> before moving any files. I suppose once they are on my mac book pro they
>> can be killed, but I hate the thought of deliberately introducing a virus to
>> my lovely new machine.
>>
>> It sounds like it is not going to be possible in any easy sort of way.
>>
>> Thanks again, or for any further suggestions.

Hi Julie,

Having dealt with MS Macro viruses before, I have one suggestion that
will help with future documents but do nothing for existing documents
AND if the existing documents are not cleaned, can lead to a
never-ending cycle of infection.

Almost all MS Macro viruses infect the normal.dot file. By doing this,
every new document you create is automatically infected. Here is my
suggestion for stopping the infection of new documents.

With all MS applications closed, search for all .dot (Document Template)
files. If you have found an option to clean files, clean these files; if
not, quarantine the files. Create new .dot files for applications you
use OR copy from a KNOWN clean system. While creating the new dot files,
do not open ANY existing files. Once you have the new files created,
remove the write option on the files to prevent them from being infected
again. Then you should be able to create new files that are not
infected. You could create a test document and send it to your designer
to ensure it is not infected. Write protecting the dot will prevent
existing documents from infecting the templates again.

Thanks, Jim
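
The procedure in the message above (find every .dot template, quarantine it, put a clean template in place, then remove write permission) can be scripted. The following is an added example, not part of the original message: it assumes Python 3 on a POSIX-style system that can reach the document tree (not Mac OS 9 itself), and all function names, directory names and file contents are hypothetical or constructed for the demonstration.

```python
import os
import shutil
import stat
import tempfile
from pathlib import Path

TEMPLATE_SUFFIXES = {".dot"}  # the template extension named in the message

def find_templates(root):
    """Return every template file under root, matching the suffix case-insensitively."""
    return [p for p in sorted(Path(root).rglob("*"))
            if p.is_file() and p.suffix.lower() in TEMPLATE_SUFFIXES]

def quarantine_templates(root, quarantine):
    """Move suspect templates out of the tree; rename so they no longer load as templates."""
    quarantine = Path(quarantine)
    quarantine.mkdir(parents=True, exist_ok=True)
    moved = []
    for i, src in enumerate(find_templates(root)):
        dest = quarantine / f"{i:04d}_{src.name}.quarantined"
        shutil.move(str(src), str(dest))
        os.chmod(dest, stat.S_IRUSR)  # owner read-only, kept for later cleaning
        moved.append((src, dest))
    return moved

def write_protect(path):
    """Clear all write bits so an opened infected document cannot rewrite the template."""
    mode = Path(path).stat().st_mode
    os.chmod(path, mode & ~(stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH))

def writable_templates(root):
    """Audit step: list templates that still have any write bit set."""
    return [p for p in find_templates(root) if p.stat().st_mode & 0o222]

def demo():
    # Constructed sample tree; file contents are placeholders, not real templates.
    with tempfile.TemporaryDirectory() as tmp:
        root, quarantine = Path(tmp) / "office", Path(tmp) / "quarantine"
        (root / "Templates").mkdir(parents=True)
        (root / "Templates" / "Normal.dot").write_bytes(b"suspect template")
        (root / "Templates" / "LETTER.DOT").write_bytes(b"suspect template")
        (root / "report.doc").write_bytes(b"existing document, left untouched")
        moved = quarantine_templates(root, quarantine)
        clean = root / "Templates" / "Normal.dot"
        clean.write_bytes(b"copy from a known clean system")
        write_protect(clean)
        return len(moved), writable_templates(root), (root / "report.doc").exists()

if __name__ == "__main__":
    print(demo())
```

Re-running `writable_templates` after any software update shows whether a template has become writable again.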