The Code 9811 Virus


After more than three years of almost daily use of my Macintosh® computer, and after having downloaded about one to ten files from the Internet on each of these days, I suddenly got severely infected by a computer virus:

In the days before, my computer had started behaving strangely: I got "Out of memory" error messages when I wanted to start applications. I saw the desktop utility The Tilery showing my applications with strange names like DPEVLZREEYO or BMQTKECNLI. Incidentally, using the Apple® program ResEdit, I found an invisible copy of a program in its folder with a strange name like the ones above. I found it a bit peculiar, but didn't think much more about it.

I did all the things I had learnt when having problems with a Macintosh computer: I rebuilt the desktop. I started up without any extensions. I zapped the PRAM. The problem didn't go away. Then I reformatted the hard disk, and reinstalled all my software.

The problem was still there: "Out of memory" when trying to launch some applications, and then this different sound my Mac was making: It sounded as if the machine was occupied with something all the time. It was a very quiet rhythmic sound.

Finally I thought I must have a hardware problem. Could it be a loose contact? I opened my computer and tried to find something loose, but couldn't. I was getting worried I would have to buy a new machine.

The next day, a Monday morning in mid-December 1998, before going to work, a computer virus unmasked its presence: All of a sudden my desktop turned all white, then a lot of black worms with yellow heads came crawling in from my screen's borders, as if eating the desktop. Then a message: "You have been hacked by the Praetorians". At the end of this "show" a red Pi-sign was built in the middle of the screen, with the heads of the worms like yellow virus-like balls bumping towards its inner borders.

I was very happy and relieved. I was having a software problem. I wouldn't have to buy a new computer!

Reporting my findings to Susan Lesch at Mac Virus Com, I learnt that this Macintosh virus is known as the Code 9811 Virus. It was reported to Symantec® in November 1998 by the Swede Tommy Sandstrom. Symantec included a fix for it in their December 1998 virus definitions for the Symantec AntiVirus and Norton AntiVirus® programs.

The Code 9811 virus "end of show"

Tommy Sandstrom took this screenshot of the Code 9811 Virus' "end of show". If you want to see a larger picture click here:

  • For low resolution screens 
  • For high resolution screens (800*600 or more)

    Having downloaded a trial version of Norton AntiVirus® and used it to scan old DropStuff-compressed backups of my entire internal hard disk, I have been able to find copies of the Code 9811 Virus from as early as the seventh of August 1998. As I wrote above, it wasn't until mid-December 1998, five months later, that I realized I had the virus infection. This indicates that the virus replicates very slowly for a long time and then suddenly appears, executing its full effects.

    The Code 9811 Virus infects both 68K and PPC Macs, at least using the old MacOS®.

    Anyone who starts getting strange messages when trying to start applications on a Macintosh computer should suspect the Code 9811 Virus.


    Web pages on the Code 9811 Virus

    Anti virus software

    Agax is a freeware program made by John William Dalgliesh that, among other viruses, detects the Code 9811 Virus. It seems that at least the users of old MacOS, except for those using Microsoft® products like Word and Excel (sometimes affected by macro viruses), will be quite safe against Macintosh computer viruses using the combination of Agax and Disinfectant (also a freeware program). Disinfectant, made by John Norstad, isn't updated anymore, but Agax is.

    Norton AntiVirus® is a commercial program, which since 1998 detects and removes the Code 9811 Virus, even in compressed archives.

    McAfee® Virex®, a commercial anti virus program, also detects the Code 9811 Virus as of its February 2001 Virus Definitions, both in compressed and uncompressed archives.


    Macintosh, Mac, MacOS and Apple are trademarks of Apple Computer, Inc., registered in the U.S. and other countries.
    Microsoft is a registered trademark of Microsoft Corporation in the United States and/or other countries.
    Symantec and Norton AntiVirus are registered trademarks of Symantec Corporation in the U.S.
    McAfee and Virex are registered trademarks of Network Associates, Inc in the U.S.

    Copyright © 1998-2023 All rights reserved
    Made in Sweden
    Last modified May 2, 2023