INIT 1984 Virus

These things come in fits and spurts. We went a long time without a new virus, and the world was a better place for it. Then wham, two viruses within a few weeks of each other. People who have files infected with this new virus will definitely want to get the attention of the as-yet-unknown anti-social troglodyte author, although I expect that attention will again fall into the category of violence to the knee cap region.

This new virus is called "INIT 1984," presumably for the resource number that it installs in infected files. It differs from previous Macintosh viruses in two ways, one fortunate, one unfortunate. Luckily, it only installs itself in system extensions of the type INIT and does not affect the System file, the desktop file, control panels, applications, or data files. This is good because INITs are shared less than applications, which means that INIT 1984 has spread slowly, and indeed, only a few infections have been reported, one in the US and one in Europe. Apparently the virus works under both System 6 and System 7, though on old Macs with the 64K ROMs (the 128K and 512K Macs), the virus will cause crashes at boot time.

Unfortunately, this is also the first virus that intentionally causes damage to the files on infected hard disks when it is triggered on any Friday the 13th in 1991 or later years. Damage includes changing the names and attributes of a large number of folders and files to random strings and the deletion of approximately 2% of your files. Needless to say, the file deletion aside, changed file and folder names and attributes would be almost completely impossible to fix if a backup was not available.

The virus was discovered when it activated a few weeks ago on 13-Mar-92, but it's possible that other Macs were damaged when the virus would have activated on 13-Sep-91 and 13-Dec-91. If you think you may have had files damaged or deleted on one of those two dates, please contact Gene Spafford at <>. If you are not on the Internet, feel free to send mail to TidBITS and we'll forward it to Gene.

Looking quickly at a calendar, I see that the next Friday the 13th isn't until November of 1992, so the virus is not likely to damage your data until then if it hasn't already. However, you should immediately get an updated version of your favorite anti-virus utility to avoid further spreading of any existing infections. My favorite anti-virus utility, Disinfectant, has been upgraded to version 2.7 by its erstwhile author, John Norstad of Northwestern University, and should be available at your favorite purveyor of public domain and shareware software. Do note one important change with Disinfectant. The Disinfectant INIT must now load before all other INITs to be able to detect and prevent INIT 1984 from doing its dirty deeds. All other anti-virus utilities will also be updated to detect and eliminate INIT 1984 as you read this, so go grab one now. Incidentally, the current versions of both Gatekeeper and SAM Intercept generate an alert if this virus attempts to spread to other files. However, you should still get the updates to those programs so they specifically recognize that virus for what it is.

Information from:
Gene Spafford
Mark H Anbinder, TidBITS Contributing Editor


