Xref: utzoo comp.sys.mac.misc:5260 comp.sys.mac.system:2102
Path: utzoo!attcan!uunet!samsung!sdd.hp.com!usc!apple!agate!shelby!portia.stanford.edu!jessica.stanford.edu!davidw
From: davidw@jessica.stanford.edu (David Whelan)
Newsgroups: comp.sys.mac.misc,comp.sys.mac.system
Subject: Virus in After Dark 2.0?
Message-ID: <1990Nov6.043127.27489@portia.Stanford.EDU>
Date: 6 Nov 90 04:31:27 GMT
Sender: davidw@jessica.stanford.edu (David J. Whelan)
Organization: Academic Information Resources
Lines: 63

I have recently had some difficulties with After Dark 2.0 and am wondering if anyone else has experienced similar problems.

My Mac IIci recently crashed, and I was unable to restart the system. (The computer checked my hard disk and then displayed the "No Disk" icon.) I tried to check the disk with Norton Utilities and SUM II, but I couldn't find any problems. I believe that I then ran Disinfectant 2.3, which reported damage to my System file. I copied a new System and the computer started up okay.

Since I had just installed some new INITs and CDEVs (Boomerang 2.0B7, DiskLight, UnScrolly, Windows, and hierDA), I removed these and restarted the system. Everything seemed to be okay, but the machine kept on crashing. It seemed to be doing this whenever After Dark kicked in. Either it would crash as soon as Satori (the module I was using) started, or when I moved the mouse to return to my work.

After a little bit of investigation, I found two new files in the After Dark Files folder. They were both <1K After Dark documents. "Good Vibrations (256 colors)" was created on 29 July 1990 at 4:11 p.m. and last modified on 31 July 1990 at 1:33 a.m. "Grand Finale" was created on 30 July 1990 at 1:09 a.m. and last modified on 31 July 1990 at 1:34 a.m. Even though they are both AD files, neither of them shows up in After Dark's list of modules. When I removed these files from the After Dark Files folder, the machine stopped crashing.

I investigated these two files with ResEdit. They are very different from regular AD modules. They both contain four resources: MENU, mlnf, RECT, and sysz. The "Good Vibrations (256 colors)" MENU resource lists "Satori" and "Slide Show," two real After Dark modules. "Grand Finale" is similar, but it lists six different AD modules.

Since removing these files from the After Dark Files folder seemed to solve my problems, I decided to forget about the whole thing. However, a couple of hours later, the system crashed again. I immediately checked the After Dark Files folder. There were again two new files: "Space Toasters!" and "Stormy Skyline." They are both similar to the previous files. The creation dates and times are different, but they were all modified on 31 July 1990 at 1:33-1:34 a.m. I removed these files from the After Dark Files folder and removed all of my After Dark stuff from the System Folder. Since then, I have had no problems at all.

Has anyone else experienced any similar problems? This seems to be some sort of virus which has infected my After Dark file, but I can't figure it out. I am sure that putting a fresh AD on the computer would solve my problems, but I really want to know what caused this to happen so I can prevent it in the future.

I am using a Mac IIci with 4MB RAM and an 80MB hard drive. I'm running System 6.0.4, Finder 6.1.4, Multifinder 6.0.4, and MacsBug 6.2a7. The following INITs and CDEVs are also being used: INIT CDEV 3.0, CloseView, Easy Access, Gatekeeper, Gatekeeper Aid, MacroMaker, On Cue, SoundMaster, Suitcase II, SUM Shield INIT, SuperClock 3.8, Temperament 2, The GuardDog, Vaccine 1.0.1, Disinfectant INIT, and ColorDesk.

If anyone has any ideas as to what could have caused these problems with After Dark, please post them or send e-mail to me (davidw@jessica.stanford.edu).

Thanks,

David J. Whelan
Junior, Symbolic Systems
Stanford University