fiatlux@ucscc.UCSC.EDU (David Vangerov) (08/06/88)
Much to my dismay, I found this nasty virus lurking around on our 2 Mac SE's and the Mac II in the lab I work. I don't know how it got on there, and that's not the point of the article. I first tried using ResEdit to get rid of it, and that didn't work. Then I tried using the DA Virus Detective which successfully indentified that there was mysterious CODE resources lurking around in a lot of the well used programs on the hard-drives. However, Virus Detective managed to break the programs I was trying to disinfect. (including the system to one extent and completely trashing the finder) Not exactly what I had in mind. But wait! I remembered that someone had dissected the virus and posted their findings from it. They also managed to come up with a utility that will eradicate the SCORES virus from your hard-disk. So I quickly ftp'd over to sumex-aim (our Internet link just happened to be up), grabbed the KillScores program and a little while later I was a happy camper since I had managed to get rib of this nasty little virus. So I'd like to thank the authors of that program for a job well done. It managed to wipe out the virus without wiping out the infected files/programs. However, I have a request. It's been asked that I do a small writeup for our computer center newsletter outlining what the virus is and what I did to get rid of it and what precautions to take against being infected by it (or other viruses). So what I need is the orginal postings by the author(s) of KillScores. These were the postings that outlined what the virus was, how it works, etc and how to get rid of it using ResEdit (this was before the KillScores program was posted). So I need the info on the SCORES virus for the article. I'm not sure about a few points and would like to double check my facts before I make a fool of myself in the newsletter. Of course our machine retires articles after 2 weeks, so it's no use looking there. I'd really appreciate this and of course the authors would be quoted and acknowledged. Thanks a bunch (both for the info and the KillScores program)... +----------------------------------------------------------------------------+ | David Vangerov | | Just your average Theater Arts major with a weird thing for computers | | fiatlux@ucscc.BITNET || fiatlux@ucscc.ucsc.EDU || ...!ucbvax!ucscc!fiatlux | +----------------------------------------------------------------------------+
werner@utastro.UUCP (Werner Uhrig) (08/07/88)
David, from your address it looks to me like you can FTP from your site to my home-base, where I keep a near-complete collection of virus-relevant stuff in ~ftp/mac/virus-tools - as follows: l ~ftp/mac/virus-tools Ferret-1pt0_APPL.sit_hqx Vaccine_CDEV.Hqx Guard_Dog_CDEV.sit_hqx VirusDetective-DA_1pt2.Hqx Interferon-2pt0_APPL.pit_hqx VirusWarningINIT.hqx KillScores_1pt0_APPL.hqx virus.SCORES.news KillVirus_INIT.Urlichs virus.news Vaccination_APPL.pit_hqx PS: this problem is likely to be with us for as long as there are Macs and new Mac-owners. it is my understanding that our university micro labs got bitten, too, a few weeks ago, both Macs and Amigas.... -- -------------------->PREFERED-RETURN-ADDRESS-FOLLOWS<--------------------- (INTERNET) werner%rascal.ics.utexas.edu@cs.utexas.edu (DIRECT) werner@rascal.ics.utexas.edu (Internet: 128.83.144.1) (UUCP) ...{backbone-sites}!cs.utexas.edu!rascal.ics.utexas.edu!werner
jln@eecs.nwu.edu (John Norstad) (08/08/88)
Just to set the record straight: I'm the author of the three postings on Scores, but I'm NOT the author of KillScores. KillScores was written by the MacPack/Apple Corps of Dallas task force, headed by Howard Upchurch. I've sent Mr. Vangerov copies of my postings by private mail.
shulman@slb-sdr.UUCP (Jeff Shulman) (08/14/88)
I must remind you that the purpose of VirusDetective is to *detect* known viruses, *not* to delete them. Deleting a single resource (which VD will offer to do) does not eradicate all viruses (like Scores). VD *does* warn you to this effect. VD's original purpose was to help me detect files that were downloaded from various places for viruses *before* they were run and/or made available to others. Also, VD does not look for *possible* viruses but ONLY those resources it is told about. It does what it is supposed to do VERY fast and VERY efficient. It is also usable just to find resources and files of a certain type/creator. It can be modified by anyone easily to change its search criteria. You do not have to find another program to detect yet another virus. BTW, I was toying with the idea to add scripting capabilities to remove viruses but so far nobody seems to want that nor do I have the incentive to do so over my other projects. Jeff -- uucp: ...rutgers!yale!slb-sdr!shulman CSNet: SHULMAN@SDR.SLB.COM Delphi: JEFFS GEnie: KILROY CIS: 76136,667 MCI Mail: KILROY Disclaimer: I wrote VirusDetective.