D1660@AppleLink.Apple.COM (SoftPlus, Paul Cozza,PRT) (04/02/91)
For SAM 3.0 Users:
A new Macintosh HyperCard virus has been found and has been named the
HC Virus. The virus infects only HyperCard stacks, and is mostly
annoying. With SAM 3.0 you can download the latest Virus Definitions
file from the Symantec bulletin board which includes both detection
and repair of stacks infected with this virus. You can also enter a
virus definition via SAM Virus Clinic 3.0 if you only require
detection capabilities for this virus. The proper virus definition for
SAM 3.0 is included here.
*************************************
SAM 3.0 Virus Definition For HC Virus
Open the Data Definitions dialog in SAM 3.0 Virus Clinic by choosing
"Add Definition (Data)" from the Definitions menu. Then enter the
following information:
Virus Name: HC Virus
File Type: STAK
Search String pop-up menu: ASCII
Search String text field: if char 1 to 2 of LookAtDate <11
The string in the Search String text field above is an ASCII string.
Blank area between words are spaces. The string IS case sensitive.
As a guard against incorrect entry, SAM 3.0 has a "Check field" in the
Definitions dialog boxes. If all of the above information is entered
correctly, then your check field should be A0BD.
Note that SAM 2.0 had the capability to detect and repair Hypercard
viruses (such as Dukakis), but did NOT have a data definitions entry
dialog. This is new to SAM 3.0.
Paul Cozza
SAM Authormike@pyrite.SOM.CWRU.Edu (Michael Kerner) (04/05/91)
D1660@AppleLink.Apple.COM (SoftPlus, Paul Cozza,PRT) writes: >For SAM 3.0 Users: > >A new Macintosh HyperCard virus has been found and has been named the >HC Virus. The virus infects only HyperCard stacks, and is mostly >annoying. With SAM 3.0 you can download the latest Virus Definitions >file from the Symantec bulletin board which includes both detection >and repair of stacks infected with this virus. You can also enter a >virus definition via SAM Virus Clinic 3.0 if you only require >detection capabilities for this virus. The proper virus definition for >SAM 3.0 is included here. > > ... > >Paul Cozza >SAM Author Yo folks, it's me again. The question of the day is, "Is this virus a virus or a Trojan Horse (Like Dukakis was)". If this "virus" attacks stacks from a script, what does the script look like? The easiest way to kill Dukakis (not to slam SAM, but it's overkill), is to (in your HOME stack), intercept the SET command and check if the params includes "Script", and then do further checks to see if it's Dukakis (I don't remember the entire script, if anyone wants it EMAIL me, go for it). Anyway, the script can also be easily changed to intercept ALL SET THE SCRIPT's and stop them, if the user wants. So, is this virus caused by a script, and thus a Trojan Horse that I can counter with a script of my own, or is it a real virus, caused by a binary operation in one of the CODE resources of a stack? Mikey Mac Admin WSOM CSG CWRU mike@pyrite.som.cwru.edu
gaertner@uunet.uu.net (Margit Gaertner) (04/10/91)
D1660@AppleLink.Apple.COM (SoftPlus, Paul Cozza,PRT) writes: > For SAM 3.0 Users: > > [lines deleted] > > Note that SAM 2.0 had the capability to detect and repair Hypercard > viruses (such as Dukakis), but did NOT have a data definitions entry > dialog. This is new to SAM 3.0. Could someone give me the SAM 2.0 Virus Definition for the HC Virus? thanks in advance Margit Gaertner Ps: We are registered users of SAM 2.0, but SAM 3.0 isn't available from PRISMA, Germany. E-mail address UUCP: uunet!unido!linod!gaertner Linotype AG dept. S/CC Mergenthaler Allee 55-75 D-6236 Eschborn, West Germany