[comp.sys.mac] The return of the SCORES virus

fiatlux@ucscc.UCSC.EDU (David Vangerov) (08/06/88)

Much to my dismay, I found this nasty virus lurking around on our
2 Mac SE's and the Mac II in the lab where I work. I don't know how it
got on there, and that's not the point of the article. I first tried
using ResEdit to get rid of it, and that didn't work. Then I
tried using the DA Virus Detective which successfully identified
that there were mysterious CODE resources lurking around in a lot
of the well used programs on the hard-drives. However, Virus
Detective managed to break the programs I was trying to disinfect
(including the system to one extent and completely trashing the
finder). Not exactly what I had in mind.

But wait! I remembered that someone had dissected the virus and
posted their findings from it. They also managed to come up with
a utility that will eradicate the SCORES virus from your
hard-disk. So I quickly ftp'd over to sumex-aim (our Internet
link just happened to be up), grabbed the KillScores program and
a little while later I was a happy camper since I had managed to
get rid of this nasty little virus.

So I'd like to thank the authors of that program for a job well
done. It managed to wipe out the virus without wiping out the
infected files/programs. However, I have a request. It's been
asked that I do a small writeup for our computer center
newsletter outlining what the virus is and what I did to get rid
of it and what precautions to take against being infected by it
(or other viruses). So what I need is the original postings by the
author(s) of KillScores. These were the postings that outlined
what the virus was, how it works, etc and how to get rid of it 
using ResEdit (this was before the KillScores program was
posted). 

So I need the info on the SCORES virus for the article. I'm not
sure about a few points and would like to double check my facts
before I make a fool of myself in the newsletter. Of course our
machine retires articles after 2 weeks, so it's no use looking
there. I'd really appreciate this and of course the authors would
be quoted and acknowledged. 

Thanks a bunch (both for the info and the KillScores program)...


+----------------------------------------------------------------------------+
|		     	        David Vangerov				     | 
|    Just your average Theater Arts major with a weird thing for computers   |
| fiatlux@ucscc.BITNET || fiatlux@ucscc.ucsc.EDU || ...!ucbvax!ucscc!fiatlux | 
+----------------------------------------------------------------------------+

werner@utastro.UUCP (Werner Uhrig) (08/07/88)

David,
	from your address it looks to me like you can FTP from your site
to my home-base, where I keep a near-complete collection of virus-relevant
stuff in ~ftp/mac/virus-tools - as follows:

l ~ftp/mac/virus-tools
Ferret-1pt0_APPL.sit_hqx        Vaccine_CDEV.Hqx
Guard_Dog_CDEV.sit_hqx          VirusDetective-DA_1pt2.Hqx
Interferon-2pt0_APPL.pit_hqx    VirusWarningINIT.hqx
KillScores_1pt0_APPL.hqx        virus.SCORES.news
KillVirus_INIT.Urlichs          virus.news
Vaccination_APPL.pit_hqx

PS: this problem is likely to be with us for as long as there are Macs and
	new Mac-owners.  it is my understanding that our university micro
	labs got bitten, too, a few weeks ago, both Macs and Amigas....


-- 
-------------------->PREFERRED-RETURN-ADDRESS-FOLLOWS<--------------------
(INTERNET)	werner%rascal.ics.utexas.edu@cs.utexas.edu
(DIRECT)	werner@rascal.ics.utexas.edu   (Internet: 128.83.144.1)
(UUCP)		...{backbone-sites}!cs.utexas.edu!rascal.ics.utexas.edu!werner

jln@eecs.nwu.edu (John Norstad) (08/08/88)

Just to set the record straight:  I'm the author of the three postings on
Scores, but I'm NOT the author of KillScores.  KillScores was written by
the MacPack/Apple Corps of Dallas task force, headed by Howard Upchurch.
I've sent Mr. Vangerov copies of my postings by private mail.

shulman@slb-sdr.UUCP (Jeff Shulman) (08/14/88)

I must remind you that the purpose of VirusDetective is to *detect* known
viruses, *not* to delete them.  Deleting a single resource (which VD will
offer to do) does not eradicate all viruses (like Scores).  VD *does* warn
you to this effect.  VD's original purpose was to help me detect files that
were downloaded from various places for viruses *before* they were run and/or
made available to others.

Also, VD does not look for *possible* viruses but ONLY those resources it is
told about.  It does what it is supposed to do VERY fast and VERY efficiently.
It is also usable just to find resources and files of a certain type/creator.
It can be modified by anyone easily to change its search criteria.  You do
not have to find another program to detect yet another virus.

BTW, I was toying with the idea to add scripting capabilities to remove
viruses but so far nobody seems to want that nor do I have the incentive to
do so over my other projects.

                                                        Jeff
-- 
uucp:     ...rutgers!yale!slb-sdr!shulman
CSNet:    SHULMAN@SDR.SLB.COM
Delphi:   JEFFS
GEnie:    KILROY
CIS:      76136,667
MCI Mail: KILROY

Disclaimer: I wrote VirusDetective.