Macintosh Garden - Emulators - POSSIBLE VIRUS!

Jun 21st, 16:47Gustav
I think I've found a virus on this site. You know these plugins in your system folder shaped like puzzle pieces? (I'm not sure about the name in English) I found a plugin called #666 in my plugin folder after playing Fokker Triplane 2.89. Doesn't matter how many times I flush it down the system trash can, every time I play Triplane a new one is created. The file is 4kbytes big and the system information in the apple menu can't identify it or tell what it does. The icon is plain grey, with a puzzle piece shape. I EVEN FOUND THE CODE in Fokker Triplane with resedit, that initiates the plugin. Lots of numbers and in the middle: INIT#666. So you tell me, is this an early virus for the b/w mac? Cause I'm scared, man!
 
Jun 21st, 17:57old iron
It's also called sevendust. No it is not early but has been around a few years . The "puzzle piece" shape identifies it as a system extension. I've had it before and unfortunatley to get rid of it you have to clean or replace the system and finder files since the 666 virus infects the system file. The system file can't be disinfected while active, so even after a virus scan and clean, the system file reinfects everything (after the next reboot) by replacing the 666 extension, and all applications launched after that get the 666 put into the resource fork. Each infected application can then replace the 666 in the extensions folder an in turn infects every application launched after that, including the system file! It's a bugger to get rid of.
SO, short of formatting the hard drive and starting over (a pain at the best of times), do this:
1)reboot with a locked floppy or better, a CD with a virus scanner.
2)Allow complete disinfection, make note of, and perhaps remove, any applications that are infected and can easily be replaced. Ensure the system file gets cleaned too.
3) Carefully consider whether you have used any apps on unlocked floppies or external drives for they may also be infected.
4) Reboot and check immediatley to see if 666 shows up in the extensions again. If so, you need to reinstall a base system and virus scan again before a reboot.

I have gone so far as to keep a stuffed copy of my finder and system handy for quick replacement.

Finally, keep an active and updated virus scanner going at all times, and scan your software. I, for one, am much more careful now. Search the web for 666/sevendust for more ugly details.
 
Jun 21st, 22:30Retroman
Damn, I've had this before. Its a annoying little thing. I got it after mistyping google.com ( I wrote googe.com) and the title on the page was "Hell" or something, and it was just a black page.
 
Jun 24th, 10:44Gustav
Do I have to get rid of it? How does it hurt the system?
 
Jun 27th, 23:34takeru
maybe this should help for the next time http://ioannis.virtualcomposer2000.com/programming/tracker.html

never had the sevendust virus on my trusty 68k mac, but your descriptions scare the hell out of me XD.
 
Jun 29th, 18:49
I too feel that I was infected from this site. SevenDust is a virus I thankfully never had to deal with before now--I had seen plenty of nVIR, CDEF, and WDEF before though.

If the strain going around here is the same one I found with Norton 7.0 on an OS 9 Mac, it is A or B. A and B don't infect the system file. I rebooted with the Norton CD and disinfected the drive.

You might want to try Agax for an older Mac. I think it works on 7.0+. I will try this on mini vMac running as a 7.1 SE later this week. Agax gets SevenDust and a few other things that Disinfectant never was updated to get.
 
Jun 30th, 00:11old iron
666 has several strains, a couple of which will delete non-application files under certain conditions. I did not have anything but odd behaviour. It's best to get clear of it anyway.
I use Virex, a recent version that handles modern threats.
 
Jun 30th, 00:19old iron
While all the above remains true, I just checked Fokker Triplane and found no virus. Anyone else care to verify this?
 
Jun 30th, 00:32Scott Baret
First off, I am the one who wrote the 6/29 post at 18:49 (sorry for not signing my name).

Second, the strains that delete files, if I remember correctly, do so on the 6th and 12th of months in June or later and only between 6-7AM. Not 100% sure these details are correct, but that's what I think it is.

Also, someone check the Lemmings download here. I think that may have been the source for me, since my G3 iBook wasn't infected until I moved Lemmings onto it.
 

Your name:
Your email:
Entry:
 
  		 
 

 Games by category 


 Games alphabetically 


 Most popular 


 Highest rated 


 Recent Additions 


 Links 


 Upload games 


 Forum 


 About Mac Garden 


Disclaimer: Mac Garden does not claim rights to any software on the site. To the best of our knowledge, these titles have been discontinued by their publishers. If you know otherwise, please contact us and we will remove them accordingly. Thank you for your attention.

© 2000 - 2001 Mac Garden
Portions are copyrighted by their respective owners. All rights reserved. Please read our privacy policy.