At 9:42 AM +0100 6/23/09, [email protected] wrote: >Hi there. Thanks for all the info. > >The virus is : OF97/Tristate-C > >We are running a G4 on 9.2.2. Theoretically we could upgrade to osX, but we >will be getting new machines in the next couple of months, and our current >main system (filemaker 4.1) obviously won't work on osX, as I think the >current one is filemaker 9. So we just need to make these machines limp >along for a couple more months until our new database system for filemaker 9 >is written. My main worry, as this is apparently a 'low threat virus' and >isn't really affecting us, but when I send a word doc to someone it is >either erased, or says it has a virus. > >As I was going to do some work from home and needed to take files from the >affected machine, I didn't want to infect my brand new mac book pro! So I >was just trying to see whether I could kill the virus on these machines >before moving any files. I suppose once they are on my mac book pro they >can be killed, but I hate the thought of deliberately introducing a virus to >my lovely new machine. > >It sounds like it is not going to be possible in any easy sort of way. > >Thanks again, or for any further suggestions.
Julie, I am assuming that since you know you have OF97/Tristate-C a customer must have told you. OF97/Tristate-C is a MS Office virus. See http://www.sophos.com/security/analyses/viruses-and-spyware/of97crownb.html http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?vname=O97M_TRISTATE This is a MS Office virus that spreads via Visual Basic. Anyone who has opened those infected MS Office files will have all/most/many of the MS Office files on their machines have also been infected. The easiest way to deal with this is 1) turn off VB Macros in Word, Powerpoint and Excel. This should not be an issue to you as MS Office 2008 doesn't even support Visual Basic. For 2004 and before, I can't remember what to do for these older versions of MS Office but you can set up these to warn you if a document contains VB Macros. The good news is that VB macro viruses cannot propagate unless they are run inside of an open MS Office document. The bad news is that you, by sending copies of these infected documents to others, are infecting others - specially since this virus disables MS Office virus protection on PC's allowing other viruses a way in. Here are your options: 1) This is the cheapest dollar wise and most expensive labor wise. Since you say these machines have internet access and if the contents are not sensitive, you can just upload them to http://www.virustotal.com/ to have them checked. For those that are infected, open them in MS Office 2008 on OSX; create a new untitled document; go back to the open infected document and copy the entire contents to the new document and save; delete the original infected document 2) Copy the MS Office files to an OSX machine; buy an commercial AV system; disinfect; destroy original infected files; copy back the cleaned ones. TrendMicro: http://www.kqzyfj.com/nk105hz74z6MONUQTSSMONROQSWQ Sophos: http://www.sophos.com/products/enterprise/endpoint/security-and-control/8.0/mac/ Norton: http://www.symantec.com/norton/macintosh/antivirus-dual-protection There are free/shareware options but many of these cannot disinfect. They only detect. As I surmise you want to clean up your act a commercial version may be in order. A list of free/shareware: http://www.geckoandfly.com/2009/03/19/download-the-best-mac-os-x-anti-spyware-and-anti-virus-software-for-free/ I have to say you might be better off just hiring a local Mac guy for a couple of hours to make this painless. Tom -- Tom Shaw - Chief Engineer, OITC <tshaw at oitc.com>, http://www.oitc.com/ local wx: http://www.oitc.com/weather US Phone Numbers: 321-984-3714, 321-729-6258(fax), 321-258-2475(cell/voice mail,pager) Text Paging: http://www.oitc.com/Pager/sendmessage.html AIM/iChat: [email protected] Fish more and Live longer _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
