Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the best-selling Take Control ebooks.

 

 

Pick an apple! 
 
Syslogd Overwhelming Your Computer?

If your Leopard (Mac OS X 10.5) system is unexpectedly sluggish, logging might be the culprit. Run Activity Monitor (Applications/Utilities/ folder), and click the CPU column twice to get it to show most to least activity. If syslogd is at the top of the list, there's a fix. Syslogd tracks informational messages produced by software and writes them to the asl.db, a file in your Unix /var/log/ directory. It's a known problem that syslogd can run amok. There's a fix: deleting the asl.db file.

Launch Terminal (from the same Utilities folder), and enter these commands exactly as written, entering your administrative password when prompted:

sudo launchctl stop com.apple.syslogd

sudo rm /var/log/asl.db

sudo launchctl start com.apple.syslogd

Your system should settle down to normal. For more information, follow the link.

Visit Discussion of syslogd problem at Smarticus

 

 

Related Articles

 

 

Other articles in the series The Macros Strike Back

 

 

Cross-Platform Virus Strikes Word Users

Send Article to a Friend

Though the possibility of a cross-platform virus moving as interpreted commands in data documents has been considered by computer experts, none had been seen in the user community until this month's discovery that a new virus was spreading within document macros interpreted by Microsoft's WordBasic macro language. The virus, dubbed "Word-Macro-9508" by the Macintosh antivirus community, can spread on any computer system using a version of Microsoft Word 6.0.

So far the virus has been seen mostly on DOS, Windows, and OS/2 computers running Word 6, in various locations in North America and Europe. It has been referred to as "WinWord.Concept", "WW6", and "WW6Macro" in the Windows community, though it is by no means restricted to the Windows version of Word 6. Microsoft's name for the virus is "Prank Macro". The code can be spread merely by opening an infected Word document - even one that has been transferred from a different operating system - since Word's macros are stored as data and are automatically recognized by any current version of the application.

The virus adds several new macros to Word's global macro pool, named "AAAZA0", "AAAZFS", "Payload", and "FileSaveAs". This last activates the virus in an infected file when the user chooses Save As from the File menu. The altered macros are then saved with the file. If the virus has infected your Word documents, you may see an alert window with the digit "1" in it when the virus is triggered, or you may notice that infected Word files are saved as templates rather than normal documents.

IBM has gathered a fair amount of information on the virus and how to combat it, and published it at:

http://www.research.ibm.com/xw-D953-wconc/

Microsoft has released tools to combat the virus, obtainable on the Internet. As of this writing, Microsoft's fix renames the virus rather than removing it, and there have been reports that a supplied file system scan function may not find all infected files on a Macintosh.

http://www.microsoft.com/kb/softlib/mslfiles/ mw1222.hqx
ftp://ftp.microsoft.com/softlib/mslfiles/ mw1222.hqx

[Note that Microsoft still isn't posting BinHex files correctly and this file must be downloaded in binary mode. Try using Netscape, which downloads most everything in binary, or Fetch, which has a Binary button that forces a binary download. Otherwise, configure your FTP client to treat the file suffix ".hqx" as a binary file, and be sure to change the setting back when you're done. -Geoff]

Datawatch Corporation has released an update (version 5.6.1) of its commercial Virex utility for Macintosh, available on commercial online services and at:

ftp://gateway.datawatch.com/pub/

No updates are currently planned for the other Macintosh antiviral utilities; most do not attempt to address viruses that don't take a machine-code form.

Since Mac versions of Microsoft Word prior to 6.0 don't incorporate WordBasic, and since even on newer versions these macros are easily spotted and removed, users need not panic about this virus.

Information from:
Gene Spafford
IBM

 

READERS LIKE YOU! Support TidBITS by becoming a member today!
Check out the perks at <http://tidbits.com/member_benefits.html>
Special thanks to Eric, Melba Hoover, Benjamin Lowengard, and George
Hunt for their generous support!