The Code 9811 Virus


 

It was after more than three years of almost daily use of my Macintosh® computer, and it was after having downloaded about one to ten files from the Internet on every of these days, I suddenly got severely infected by a computer virus:

The days before my computer had started behaving strangely: I got "Out of memory" error messages as I wanted to start applications. I saw the desktop utility The Tilery showing my applications with strange names like DPEVLZREEYO or BMQTKECNLI. Incidentally, using the Apple® program ResEdit, I found an invisible copy of a program in its folder with a strange name as the above. I found it a bit peculiar, but didn't think that much more about it.

I did all the things I had learnt when having problems with a Macintosh computer: I rebuilt the desktop. I started up without any extensions. I zapped the PRAM. The problem didn't go away. Then I reformatted the hard disk, and reinstalled all my software.

The problem was still there: "Out of memory" as trying to launch some applications, and then this different sound my Mac was making: It sounded as the machine was occupied with something all the time. It was a very quiet rhythmic sound.

Finally I thought I must have a hardware problem. Could it be a loose contact? I opened my computer and tried to find something being loose, but couldn't. I was getting worried I would have to buy a new machine.

The next day, a monday morning mid December 1998 before going to my work, a computer virus unmasked its presence: All of a sudden my desktop turned all white, then a lot of black worms with yellow heads came crawling in from my screen's borders, like eating the desktop. Then a message: "You have been hacked by the Praetorians". At the end of this "show" a red Pi-sign was built in the middle of the screen, with the heads of the worms like yellow virus-like balls bumping towards its inner borders.

I was very happy and relieved. I was having a software problem. I wouldn't have to buy me a new computer!

Reporting my findings to Susan Lesch at Mac Virus Com I learnt that this Macintosh virus is known as the Code 9811 Virus. It was reported to Symantec® in November 1998 by the Swede Tommy Sandstrom. Symantec included a fix for it in their December 1998 virus definitions for the Symantec AntiVirus and Norton AntiVirus® programs.



The Code 9811 virus "end of show"

Tommy Sandstrom took this screenshot of the Code 9811 Virus' "end of show". If you want to see a larger picture click here:

  • For low resolution screens 
  • For high resolution screens (800*600 or more)
  • Having downloaded a trial version of Norton AntiVirus® and used it to scan old DropStuff-compressed backups of my entire internal hard disk, I have been able to find copies of the Code 9811 Virus from as early as the seventh of August 1998. As I wrote above it wasn't until mid December 1998, five months later, I realized I was having the virus infection. This indicates that the virus replicates very slow for a long time and then suddenly appears executing its full effects.

    The Code 9811 Virus infects on both 68K and PPC Macs, at least using the old MacOS®.

    Anyone who starts getting strange messages as trying to start applications using a Macintosh computer should suspect the Code 9811 Virus.


     

    Web pages on the Code 9811 Virus


    Anti virus software

    Agax Agax is a freeware program made by John William Dalgliesh that among other viruses detects the Code 9811 Virus. It seems that at least the users of old MacOS, except of those using Microsoft® products like Word and Excel (sometimes affected by macro viruses), will be quite safe against Macintosh computer viruses using the combination of Agax and Disinfectant (also a freeware program). Disinfectant, made by John Norstad, isn't updated anymore, but Agax is.

    Norton AntiVirus® Norton AntiVirus® is a commercial program, which since 1998 detects and removes the Code 9811 Virus, even in compressed archives.

    McAfee® Virex®McAfee® Virex®, a commercial anti virus program, does from its February 2001 Virus Definitions also detect the Code 9811 Virus - both in compressed and uncompressed archives.


     

    Macintosh, Mac, MacOS and Apple are trademarks of Apple Computer, Inc., registered in the U.S. and other countries.
    Microsoft is a registered trademark of Microsoft Corporation in the United States and/or other countries.
    Symantec and Norton AntiVirus are registered trademarks of Symantec Corporation in the U.S.
    McAfee and Virex are registered trademarks of Network Associates, Inc in the U.S.


    Copyright © 1998-2015 Tomas.Risberg@silent.se All rights reserved
    silent.se
    Made in Sweden
    Last modified July 5, 2015