________________________________________________________________________
		THE COMPUTER INCIDENT ADVISORY CAPABILITY

				 CIAC

			INFORMATION BULLETIN
________________________________________________________________________

Eradicating WDEF using Disinfectant 1.5 or 1.6		


February 2, 1990, 1400 PST                            	Number A-17

CIAC Information Bulletin A-9 reported the existence of the WDEF virus on 
Macintosh computers.  The purpose of this bulletin is to provide additional 
information about eradicating this virus.

Disinfectant 1.5 and the most recent version, Disinfectant 1.6, are capable 
of detecting and eradicating WDEF, but are not designed to prevent the 
spread of WDEF during its execution.  If an infected disk is inserted into 
the Macintosh while Disinfectant is running (for the purposes of eradicating 
WDEF), WDEF will infect ANY OTHER UNLOCKED MOUNTED VOLUMES.  If Disinfectant 
is to be used to eradicate a WDEF infection, CIAC recommends the following 
procedure:

	1.  Prepare a system disk using LOCKED originals.  Use the 
instructions provided with the Macintosh documentation if you require 
assistance in preparing this system disk.  If possible, you should not use 
your hard disk to prepare this system disk.  Copy Disinfectant version 1.5 
or version 1.6 to this disk.  Lock the disk and shut down the system.

	2.  Reboot the Macintosh using the prepared system disk.  Launch 
Disinfectant off the floppy and use the SCAN function to check your hard disk 
for the WDEF virus.  If found, use the DISINFECT function to remove WDEF from 
your hard disk.  Quit Disinfectant.

	3.  Reboot the Macintosh using this prepared system disk.  You should 
drag any hard disks that automatically appear on the desktop to trash to 
unmount them.  Launch the copy of Disinfectant on the system disk.  Use the 
SCAN facility of Disinfectant to verify that WDEF has not infected the system 
disk.  If it has, you will have to eject the system disk, unlock it, and 
insert it again.  Use the DISINFECT function of Disinfectant to eradicate 
WDEF.  Next, you should eject the system disk and lock it again.  Reinsert 
the system disk.

	4.  Use Disinfectant to scan ALL of your floppy disks.  WDEF will 
infect both system and non-system disks; to completely eradicate WDEF you 
will have to disinfect all of your disks (including backup disks).  DO NOT 
USE YOUR HARD DRIVE DURING THIS PROCEDURE.

	5.  Once all of your floppy disks are disinfected, reboot your system 
using the locked system disk.  Now run Disinfectant and disinfect your hard 
disk.  Once WDEF has been eradicated from all floppies and your hard disk, the 
eradication procedure is complete.

The most recent versions of other tools such as SAM, VIREX, GATEKEEPER, and  
GATEKEEPER AID may also be used to eradicate or prevent the spread of the
WDEF virus.  If you have questions concerning these tools, contact CIAC for 
assistance. 

For further information, or for a copy of Disinfectant 1.6, please contact 
CIAC:
 
        Tom Longstaff	
	(415) 423-4416 or (FTS) 543-4416
	FAX: (FTS) 543-0913 or (415) 294-5054  

CIAC's business hours phone number is (415) 422-8193 or (FTS) 532-8193.
Send e-mail to:

	ciac@tiger.llnl.gov           

Neither the United States Government nor the University of California
nor any of their employees, makes any warranty, expressed or implied,
or assumes any legal liability or responsibility for the accuracy,
completeness, or usefulness of any information, product, or process
disclosed, or represents that its use would not infringe privately
owned rights.  Reference herein to any specific commercial products,
process, or service by trade name, trademark manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation, or favoring by the United States Government or the
University of California.  The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government nor the University of California, and shall not be used for
advertising or product endorsement purposes.