Path: utzoo!utgpu!water!watmath!clyde!att!rutgers!cs.utexas.edu!ut-emx!osmigo From: osmigo@ut-emx.UUCP Newsgroups: comp.sys.mac Subject: Re: SCORES ordeal + new(?) SCORES info Message-ID: <6790@ut-emx.UUCP> Date: 11 Oct 88 22:58:33 GMT References: <6685@ut-emx.UUCP> <10330055@eecs.nwu.edu> Reply-To: osmigo@emx.UUCP (Ron Morgan) Organization: Speech Communication UT Austin Lines: 63 In article <10330055@eecs.nwu.edu> jln@eecs.nwu.edu (John Norstad) writes: > >Yes, Scores can cause applications to crash or do strange things. In my >earlier reply I pointed out one case - code segment gaps of size 1. My hard disk drive is a Mirror Magnet 40X. It uses a Seagate ST-251 with the Adaptec card. The Mirror formatter has CODE's 0,1,2,3, and 4. That's about all I can tell you! >Your case is the first I've heard of a system that won't function at all >when infected. It might have been Finder. According to the documentation I've read, Scores "likes" to infect Finder, and Finder WAS infected. > It contains roughly 2,500 machine >language instructions. This took about two weeks of very hard work. > I had to use a >dissassembly listing and reverse-engineer the beast. Every significant >fact I discovered by exmining the code was verified by testing on an >infected system, using a debugger, ResEdit, and other programming tools. We need more guys like you!!! (-8 > including problems printing and problems with MacDraw Yes, there were a number of occasions when I'd try to print out a document (From Draw, MacWrite, WriteNow and others) and would get, say, 3 lines of garbage per page. >sure. I haven't been able to duplicate them on my systems. According to what I've read, the effects of Scores can vary from machine to machine. It'll infect one application on my machine, and leave it untouched on your machine. >>Keep in mind that we're talking about a virus that will actually >>search out applications to infect, even if they aren't run. If you've ever >>seen your infected disk drive start spinning for no reason, that's the Scores >>virus on a "hunting trip." > >This is false. Scores only infects applications that are actually run. >Scores does not go on any "hunting trips." This is in direct contradiction to the documentation that came with KillScores 1.0. The literature was written by Howard Upchurch, and says [quote]: "As the infected disk is used, the virus continually seeks uncon- taminated applications. The present thought is that it searches in a random fashion at an interval of 3 1/2 minutes...after a long enough period of time, every application on the disk will be infected, apparently whether it has been used or not." On another page, he says: "...an application does not have to have been run for it to be contaminated."If you are saying you've found contradictory information, could you please say so explicitly? I have one more question for you, since you obviously know more about this than I do. Would the problems caused by Scores appear the FIRST time a "clean" application is run? I noted that when I ran Yeager Advanced Flight Trainer (a known clean copy) on my infected system, it failed to work the very first time, saying the application file was busy or damaged. Many, many thanks for your words on this matter.