Moderators.Jon.Pugh;Dwayne.Virnau;Lance.Nakata@SUMEX-AIM.STANFORD.EDU (05/01/88)
INFO-MAC Digest          Sunday, 1 May 1988       Volume 6 : Issue 43

Today's Topics:
    SCORES virus and the NetWay N1000A terminal controller
    Virus info
    VIRUS VACCINE
    Viral Code
    Scores Virus Report 2
    Usenet Mac Digest V4 #44
    Usenet Mac Digest V4 #45
    Usenet Mac Digest V4 #46
    Usenet Mac Digest V4 #47
    Usenet Mac Digest V4 #48
    Usenet Mac Digest V4 #49
    Usenet Mac Digest V4 #50
    Usenet Mac Digest V4 #51
    Usenet Mac Digest V4 #52
    Delphi Mac Digest V4 #8
----------------------------------------------------------------------

Date: Sun, 24 Apr 88 19:20:38 EDT
From: "Juan M. Courcoul" <PP838474%TECMTYVM.BITNET@forsythe.stanford.edu>
Subject: SCORES virus and the NetWay N1000A terminal controller

Regarding the SCORES virus, I hope all the software on the INFO-MAC repository and its various associated filelists on servers in the Bitnet network is uninfected.

On the NetWay controller, at my school we have recently been assigned one of the units and apparently the software with it is a bit outdated. Is there a version of the terminal software that supports the SE and Mac II ADB keyboards? My current version doesn't and it's a chore when you want to use a PF key.

Also, and of graver concern, my version is quite unable to 'see' the NetWay controller if it is on the other side of a standard AppleTalk bridge. Is this normal?

Juan M. Courcoul
Dept. of Computer Science
Monterrey Institute of Technology
Monterrey, Mexico

------------------------------

Date: Mon, 25 Apr 88 09:17 GMT
From: <J_MENDEZ%UPRENET.BITNET@forsythe.stanford.edu>
Subject: Virus info

I am a new Macintosh user and recently subscribed to Info-Mac. I've been reading about this virus (actually more than one) and bugs. I would like someone to explain exactly what are they, where do they come from, how are they acquired and whatever other basic information.

Please pardon my lack of knowledge but I must begin somewhere.

Thank you.
-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
Jose Mendez
BITNET: J_MENDEZ@UPRENET
University of Puerto Rico
-o-o-o-o-o-o-o-o-o-o-o-o-o-o-

------------------------------

From: RBREWER%WPI.BITNET@husc6.harvard.edu
Date: Mon, 25 Apr 88 18:42:58 edt
Subject: VIRUS VACCINE

Well, the power users here at WPI don't really like putting up with Viruses, so we tend to find cures ASAP - Here's what we have:

VACCINE - a CDEV file that activates on bootup. This file (whose settings may be adjusted through the newer segmented control panels (i.e. system version 5.0). What it does is the following - It basically checks for anything being installed onto the machine automatically. As this is the Method that the Infamous "Scores" virus transmits itself, this makes it a very effective preventative step. The user is prompted as to whether or not he wants this modification done, at which point he can say yes or no. This allows FULL control of the background IO installation process. THIS PROGRAM DOES NOT REMOVE THE VIRUS, IT JUST LETS YOU KNOW IF THE SYSTEM IS BEING TAMPERED WITH.

VKILLER - Searches out the actual virus code in an infected disk, and removes it. This program also works against the "SCORES" virus, as well as a multitude of others.

If you would like copies of these two PD utilities, just send a Blank formatted 3.5 to me at home (be sure to include RETURN POSTAGE), at the following address:

    TRON
    c/o Richard G. Brewer
    Rural Route 1 Box 496
    Lebanon, N.H. 03766

Vaccine is also available in the Macintosh users group areas of GeNIE, CompuServe, and other popular Timeshare networks...I hope that these programs help those with infected media out of the jam they're in - they certainly helped me!!

...END OF LINE...

------------------------------

Date: Tue 26 Apr 1988 02:26 CDT
From: GREENY <MISS026%ECNCDC.BITNET@forsythe.stanford.edu>
Subject: Viral Code

Hi there....
I have currently been assigned the task (by my infamous supervisor) to make sure that all of the Macintoshes in our Department are virus free (quite a task seeing as how most of the faculty *LOVE* to get PD and shareware stuff) and I have figured that the best way to do this would be to write an application or perhaps a CDEV on the order of Vaccine all on my own, since I do not trust *ANY* outside code anymore that I get without a copy of the source.

Call me overly paranoid (I'm sure someone will...) but I would like to have copies of any viruses that anyone may have been bitten by, or trapped before they could have done their work. I can send disks, tapes, do modem transfers, or go by mail -- whatever is possible and most convenient for you.

Thanks in advance. I will post a copy of the application (or CDEV) after I get it running -- along with a copy of the source (for those who are as paranoid as I am...).

Thankx...

Bye for now but not for long
David S. "Greeny" Greenberg
Bitnet: MISS026@ECNCDC
Internet: MISS026%ECNCDC.BITNET@CUNYVM.CUNY.EDU

Disclaimer: My Department takes no responsibility for what I say above...

------------------------------

Date: Tue, 26 Apr 88 10:56 CDT
From: John Norstad <JLN%nuacc.acns.nwu.edu@forsythe.stanford.edu>
Subject: Scores Virus Report 2

This is my second report on the Scores virus.

The important good news is there are now two free disinfection programs called KillScores and Ferret 1.0. I didn't write either one of them. They seem to work fine, so there's no need for me to write another one.

I'm also happy to report that CE Software's Vaccine 1.0 is effective against Scores.

There's not much new to report about the virus itself.

KillScores and Ferret 1.0 were posted on AppleLink over the weekend of April 16. I discovered them shortly after posting my first report on Monday the 18th. I believe they are also available on CompuServe, but I haven't checked.
Both of these programs were written specifically to eradicate the Scores virus. They can also be used to simply check for the virus, without changing anything on your disk.

I tested both Ferret and KillScores on my small infected test system, and on some large uninfected ones. Both of them worked on my small infected system. They removed all traces of the virus and repaired the system folder and all the damaged applications correctly. They both also correctly reported that several large systems with nearly full 20 and 80 megabyte hard drives were uninfected.

A word of warning, however. My small test system only contains infected versions of TeachText, ResEdit, and MacWrite. I don't have the facilities or the time to do large scale testing of lots of infected applications. Also, I don't have the source code for either of the programs. So I can't guarantee that either of them is perfect, or that they won't damage your files.

KillScores has a better user interface than Ferret 1.0, although neither one is very good. Ferret 1.0 also seems to have a problem properly reporting the names of the infected files. This only works some of the time. KillScores does a much better job of telling you exactly what it's doing.

The important thing is that both of these programs seem to work, and the authors deserve our thanks. Larry Nedry wrote Ferret 1.0, and KillScores is the work of the MacPack/Apple Corps of Dallas task force, headed by Howard UpChurch.

Getting rid of a virus is very tricky, even with the help of a disinfection program like KillScores or Ferret 1.0. I managed to make mistakes using them during my tests, and ended up with a system that was still infected! I recommend that you carefully follow the steps below to make sure that you've really eradicated all traces of the virus.

Step 1. Make a startup disk containing just a system folder and a copy of the disinfection program (KillScores and/or Ferret 1.0).
For the safest results the system folder should be copied as is from a locked original Apple system release disk. The only files you really need in your system folder are System and Finder. Make sure your system folder doesn't contain any non-Apple INITs, CDEVs, or other miscellaneous crap.

Step 2. Restart your machine using the startup disk you just made.

Step 3. Make a backup copy of the startup disk you just made.

Step 4. Run the disinfection program on all the hard drives and floppies in your collection, including the backup copy you just made. Don't run any other programs or boot from any other disks until you're done disinfecting, or you might get reinfected. Use Finder, not MultiFinder (I've only tested under Finder. The programs might work OK under MultiFinder too, but I don't know).

Step 5. Shut down your system and restart using some other (disinfected) startup disk.

Step 6. Immediately erase the startup disk you made in step 1 and used to disinfect your system. The backup disk you made is free from infection, and it contains a copy of the disinfection program that you can use again if you need it.

For the safest results you should try to make sure that all the files you copy to your startup disk in step 1 are uninfected. That's why I recommend using your original locked Apple release disk. I have, however, tested both KillScores and Ferret 1.0 with infected startup disks, and they seem to work OK.

To double check, you can run both KillScores and Ferret 1.0. The program you run first should disinfect your disk, and the one you run second should report that the disk is free of infection.

I've also tested CE Software's Vaccine 1.0 with Scores. It seems to be effective against the initial attempt at infection. In all my tests my vaccinated system bombed whenever I attempted to run an application infected with Scores, and my system was not infected.
I've tried this with the "expert display" option both on and off, and with the "always compile MPW INITS" option both on and off. I've seen bombs with ID=02 and ID=25. I don't know why the system bombs instead of presenting Vaccine's usual dialog box or tiny icons.

I'd like to correct an error in the first report. When fixing an infected application with ResEdit, you should replace bytes 16-23 of CODE resource 0 by bytes 4-11 of CODE resource nnnn, not by bytes 2-9. Bytes are numbered starting with 0. I apologize if this caused anybody any grief.

I'd also like to thank Dave Lavery and Howard Upchurch for their early work on the Scores virus. I used their results as a starting point for my own research, and I should have given them credit in my first report.

I've discovered several more interesting facts about Scores, including more attacks on VULT and ERIC, an explanation for why some applications don't get infected, and several bugs in the virus. There also may be a few problems with the disinfection algorithm I presented in the first report. The details aren't important now, so I won't describe them.

It has been reported that the virus contains some sort of special code designed to fool ResEdit. This isn't true, although I have had ResEdit crash inexplicably on an infected system.

John Norstad
Academic Computing and Network Services
Northwestern University
Evanston, IL 60208

Bitnet: JLN@NUACC
Internet: JLN@NUACC.ACNS.NWU.EDU

------------------------------

Date: Tue 19 Apr 88 17:17:44-GMT
From: Jeff Shulman <SHULMAN@SDR>
Subject: Usenet Mac Digest V4 #44

Usenet Mac Digest        Friday, April 1, 1988      Volume 4 : Issue 44

Today's Topics:
Re: Mac to pic/troff Conversion Electronic circuit design and simulation MPW Pascal Suggestion Re: CMS Pro80II/i vs. Pro102k-II/i Disks Re: MPW Pascal Suggestion Dove SCSI + CMS: do they mix? CE Vaccine Re: TI microExplorer (Mac II coprocessor) ...
Re: Info on Concertware + 4.0 Re: How to quit MF?(was Re: Quitting the Finder under MF) Additional Serial Ports for MAC II (2 messages) Proposal for enhancements to the Macintosh System (Repost!) DiskTools Plus comments Help List Manager Re: Polygon question

[archived as [SUMEX-AIM.Stanford.EDU]<INFO-MAC>USENETV4-44.ARC - Lance ]

------------------------------

Date: Tue 19 Apr 88 17:18:54-GMT
From: Jeff Shulman <SHULMAN@SDR>
Subject: Usenet Mac Digest V4 #45

Usenet Mac Digest        Friday, April 1, 1988      Volume 4 : Issue 45

Today's Topics:
Unmount Floppy under MF Re: Polygon question (3 messages) Re: Questions about MacII Re: Dialog Boxes with Scrollable region Alternatives to Imagewriters? Re: DiskTools Plus comments Protection for folders... Large Capacity Disk Drives for Mac II ... getting your ImageWriter (or other) printhead repaired GATT declares U.S. - Japan chip pact illegal Re: Faster desktop rebuilding info from MACworld Re: Need opinions on Orange Micro Macintosh Grappler interface Re: turning off instruction cache on MA Re: ShowInit Source or pointer wanted INIT Crashes-- Why? When to draw rect around List in DLOG Monitoring idle time

[archived as [SUMEX-AIM.Stanford.EDU]<INFO-MAC>USENETV4-45.ARC - Lance ]

------------------------------

Date: Tue 19 Apr 88 17:20:25-GMT
From: Jeff Shulman <SHULMAN@SDR>
Subject: Usenet Mac Digest V4 #46

Usenet Mac Digest        Friday, April 1, 1988      Volume 4 : Issue 46

Today's Topics:
Re: Memory Management (was Quickergraf bugs...) Re: When to draw rect around List in DLOG Bulldozer cursor? Why does my keyboard stick in UPPERCASE? xmodem->versaterm at 1200 Re: GATT declares U.S. - Japan chip pact illegal Memory Checking Programs Re: GATT declares U.S. - Japan chip pact illegal Macintosh Statistics Packages Help! TextEdit Programming Problem - "nLines" (2 messages) Interprocess communications (2 messages) XNS Re: Macintosh Statistics Packages Re: Why does my keyboard stick in UPPERCASE?
New LaserWriter II SC Re: Why does my keyboard stick in UPPERCASE? Floppies (made in the USA) (look for the union label) Re: Interprocess communications

[archived as [SUMEX-AIM.Stanford.EDU]<INFO-MAC>USENETV4-46.ARC - Lance ]

------------------------------

Date: Sat 9 Apr 88 14:31:45-GMT
From: Jeff Shulman <SHULMAN@SDR>
Subject: Usenet Mac Digest V4 #47

Usenet Mac Digest        Saturday, April 9, 1988      Volume 4 : Issue 47

Today's Topics:
EtherTalk Card Programming Question Patching "Please insert the disk..." (2 messages) A/UX performance Re: Photo of Mac II Monitor TEXT - APPLE-MICROSOFT Agreement Re: Can anyone tell me his/her experience with CMS hard disks? Call for feedback: Multifinder compatible games Re: Can anyone tell me his/her experience with CMS hard disks? Error Handling and Recovery Using digitized sounds... LSC and CODE resources Am I missing something obvious - how do you copy in/out from HFS disks? Re: how to get file size (in bytes) ??? Re: MIDI

[archived as [SUMEX-AIM.Stanford.EDU]<INFO-MAC>USENETV4-47.ARC - Lance ]

------------------------------

Date: Sat 9 Apr 88 14:33:49-GMT
From: Jeff Shulman <SHULMAN@SDR>
Subject: Usenet Mac Digest V4 #48

Usenet Mac Digest        Saturday, April 9, 1988      Volume 4 : Issue 48

Today's Topics:
Re: Floppies (made in the USA) (look for the union label) Hard disks noise ? Jasmine Direct Drive 50 and a Plus Help on "Standard" MIDI file formats--are there any, especially on Macs? Re: Jasmine Direct Drive 50 and a Plus Re: Apple Challenges Microsoft :^) :^) :^) :^) :^) :^) :^) :^) :^) Re: Why does my keyboard stick in UPPERCASE? Re: Can anyone tell me his/her experience with CMS hard disks? Re: Bulldozer cursor? Ethertalk Programming Question, reposting. Animation! Getting Rid of Your Hangups Re: How do you highlight a default button?
Re: Bitmap to Region conversion Re: Sending PostScript through the printer driver Re: A/UX performance

[archived as [SUMEX-AIM.Stanford.EDU]<INFO-MAC>USENETV4-48.ARC - Lance ]

------------------------------

Date: Sat 9 Apr 88 14:36:02-GMT
From: Jeff Shulman <SHULMAN@SDR>
Subject: Usenet Mac Digest V4 #49

Usenet Mac Digest        Saturday, April 9, 1988      Volume 4 : Issue 49

Today's Topics:
How to get video signal from MacII? Re: Jasmine Direct Drive 50 and a Plus More on Font/DA Juggler, and PowerStation Re: Floppies (made in the USA) (look for the union label) Multi-bin feeder for laser printers Re: Floppies (made in the USA) (look for the union label) Dvorak keyboard trainer Allegro CL Grep Tool (Undocumented) Re: Picking a Debugger apple single/double files How do you change the A/UX's login message? (2 messages) Re: Am I missing something obvious - how do you copy in/out from HFS disks? Re: ImageWriter II Intermittant Problem how to use Mac as unattended dialup machine? Re: CE Vaccine (2 messages) Re: Am I missing something obvious - how do you copy in/out from HFS disks? Scribe <-> Microsoft Word converter What hard disks does A/UX support

[archived as [SUMEX-AIM.Stanford.EDU]<INFO-MAC>USENETV4-49.ARC - Lance ]

------------------------------

Date: Mon 18 Apr 88 09:20:48-GMT
From: Jeff Shulman <SHULMAN@SDR>
Subject: Usenet Mac Digest V4 #50

Usenet Mac Digest        Saturday, April 16, 1988      Volume 4 : Issue 50

Today's Topics:
Re: Applecolor Monitor Jitters Re: New MF features (ApplicationMenu) Mac <-> Autocad Re: Universe, Universe II, and Breach Haunted hard disk (really tape backup peculiarity) Choosing closest-color-by-blending DAHandler and memory management MPW C bug, again! Re: Time Zone trouble... Re: What hard disks does A/UX support Re: Choosing closest-color-by-blending Re: Picking a Debugger Re: Floppies (made in the USA) (look for the union label) Vaccine seems disabled (BY A VIRUS?) TAMIL FONTS, anyone ?
[archived as [SUMEX-AIM.Stanford.EDU]<INFO-MAC>USENETV4-50.ARC - Lance ]

------------------------------

Date: Mon 18 Apr 88 09:22:40-GMT
From: Jeff Shulman <SHULMAN@SDR>
Subject: Usenet Mac Digest V4 #51

Usenet Mac Digest        Saturday, April 16, 1988      Volume 4 : Issue 51

Today's Topics:
Pacer vs. Alisa (A Tale of Two VAX-Mac Systems) 3D Graphic MANIPULATIONS..... How do you count unused master pointers? question about fonts LightspeedC Vapor Ad (was Re: LSC and CODE resources) Re: DAHandler and memory management Re: Error Handling and Recovery (long reply) Re: LSC and CODE resources Re: What hard disks does A/UX support Problems with A/UX--NFS locking up (2 messages) Re: 3D Graphic MANIPULATIONS..... Bibliography support package wanted. Enabling my Lisa to run Mac+ software Re: Graphic window from MPW tool

[archived as [SUMEX-AIM.Stanford.EDU]<INFO-MAC>USENETV4-51.ARC - Lance ]

------------------------------

Date: Mon 18 Apr 88 09:24:32-GMT
From: Jeff Shulman <SHULMAN@SDR>
Subject: Usenet Mac Digest V4 #52

Usenet Mac Digest        Saturday, April 16, 1988      Volume 4 : Issue 52

Today's Topics:
Claris MacWrite 5.0 Problems I have seen Re: Pacer vs. Alisa (A Tale of Two VAX-Mac Systems) Re: Problems I have seen Home finance software Re: : Mac desktop publishing, etc. E-mail Mac/Mainframe carrying case for Mac Plus (2 messages) OpenResFile and high byte custom MDEF vs. MenuKey 4D programming question Opening Working Directories Re: OpenResFile and high byte Re: custom MDEF vs.
MenuKey HD's for AUx Laser IISC Re: Farallon MacRecorder Streamlining the System File Ending a DA

[archived as [SUMEX-AIM.Stanford.EDU]<INFO-MAC>USENETV4-52.ARC - Lance ]

------------------------------

Date: Fri 22 Apr 88 09:29:03-GMT
From: Jeff Shulman <SHULMAN@SDR>
Subject: Delphi Mac Digest V4 #8

Delphi Mac Digest        Friday, April 22, 1988      Volume 4 : Issue 8

Today's Topics:
anti-virus Re: Vaccine and Font/DA Mover new LW's (3 messages) ImageWriter II Problem (2 messages) RE: Usenet Mac Digest V4 #51 re: Ending a DA Color Questions re: Getting Full Pathnames Char2Pixel() Color Boot Problem

[archived as [SUMEX-AIM.Stanford.EDU]<INFO-MAC>DELPHIV4-08.ARC - Lance ]

------------------------------

End of INFO-MAC Digest
**********************