666 Extension
Junior Member
Join Date: Nov 2000
Dec 20, 2000, 02:13 PM
 
Just a warning: this virus is still out there, I think I got it from a Hotline file. I'm going to try Virex first to get rid of it. Here is the original thread about this virus. BEWARE!:
http://forums.macnn.com/cgi-bin/Foru...ML/001489.html
     
bezoar  (op)
Junior Member
Join Date: Nov 2000
Dec 20, 2000, 03:10 PM
 
Virex did not detect it, so I used Agax. You MUST lock Agax or it will get corrupted with the virus. Also make sure to delete the 666 extension AND the source of the virus (usually a recently installed prog or file, which will show up somewhere in Agax's examination log) before you repair the HD. Thankfully Agax worked, the extension stopped appearing and the apps now open at normal speed....
     
Grizzled Veteran
Join Date: Oct 1999
Location: Minneapolis
Dec 20, 2000, 03:29 PM
 
Yet another reason to not use Hotline, and instead, get all your software legally
     
bezoar  (op)
Junior Member
Join Date: Nov 2000
Dec 20, 2000, 07:13 PM
 
I don't think I mentioned getting any "illegal software," but thanks for insinuating....
     
Clinically Insane
Join Date: Apr 2000
Dec 20, 2000, 10:30 PM
 
Heh.
I posted a thread about that a while ago, being infected.
Agax didn't work.
I manually killed that bitch virus...
If anyone gets it and doesn't have virus protection, here's what I did:
Get Super ResEdit. Open the extension and rip its guts out... delete the INIT resource. Then get info on it and lock it down, hard. Lock resources, set Finder flag locked, and so on.
Then remember every App you have opened since getting it, open it up, and you have to delete the virus from there, but I can't remember where it hides in there... dammit I'll check.
Throw away ResEdit, restart, delete the extension, restart, it shouldn't be there.
Hehe, killed.
Then go out and buy Virex and run it off the CD just to be sure it's gone.

Make sure you have the latest Virex definitions file... and I also got it from Hotline.

Cipher13
     
Mac Elite
Join Date: Jun 2000
Location: NY
Dec 20, 2000, 11:30 PM
 
lol rip its guts out, I like your wording, I've never heard of this virus, what does it do?
     
Phaedrus
Guest
Dec 20, 2000, 11:49 PM
 
Where can I find a copy of super res edit? I did a sherlock search and came up short...lots of mac hacking sites, but only resedit, no super res edit.
     
Clinically Insane
Join Date: Apr 2000
Dec 21, 2000, 03:37 AM
 
Phaedrus: try your mailbox?
Jsnuff1: It's called Sevendust, aka 666, aka "that bitch that infected all my apps!", and so on
Anyway, you can get it two ways... something installs the extension, or you open an infected app.
I haven't read about it, but from what I found out via first hand experience, whenever you launch an infected app, it checks to see if the extension is installed.
If it is? Leaves it alone.
If not? Installs it.
If the extension has been tampered with? Replaces it... it must verify some kind of checksum...
Anyway, when it's loaded into memory, whenever you launch an application, it becomes infected.
And so the loop goes on, get what I mean?
That's how it takes over your system...
Now as for damage, I didn't have any done to me.
I just now looked it up, and found almost nothing... apparently if started up between certain times or dates (can't remember which), or at certain times/dates, it will erase files...
So it's not a very nice virus (although a nicely written one, to tell you the truth... it's very good)
So anyway, Virex will take care of it if you ever happen to get it...
I'll see if I can find that site again and post the dates/times/other conditions/whatever

Cipher13
     
Senior User
Join Date: Mar 2000
Location: France
Dec 21, 2000, 05:31 AM
 
I heard that it's the 6 June that it erases the files... don't know if it's true (and I don't want to know...)

When I saw this extension which was re-installing itself automatically, I erased it and put a folder with the same name in its place... I didn't see it anymore (an application is unable to replace a folder by a file, hehehe), but my apps are still infected...

Got it from Hotline too...

------------------
Noliv
-noliv
     
Clinically Insane
Join Date: Apr 2000
Dec 21, 2000, 06:44 AM
 
June sixth definitely rings a bell.
But I might be getting it mixed up with the 26th... Chernobyl is 26 isn't it?
Anyway, use Virex to get rid of it.
If you don't have it, download it, then buy it afterwards, if it's an emergency.
Hehe, good thinking with the folder

Cipher13
     
Mac Enthusiast
Join Date: Oct 2000
Location: Greensboro, NC USA
Dec 21, 2000, 08:43 AM
 
Cipher,
I looked in MY mail box but didn't see Super ResEdit.
(hint, hint)
RP
Pismo 400 192M Sys 9.1
     
bezoar  (op)
Junior Member
Join Date: Nov 2000
Dec 21, 2000, 11:30 AM
 
Agax didn't work for me at first, in fact, when I first launched it, it would not open saying "Agax may have been infected w/ the virus and refuses to open." So I threw Agax out, unstuffed a new version, and locked it before launching it. Then it worked fine...the Super ResEdit way sounds more fun though.

I happened to catch it early by noticing the extension in the system, but otherwise, you will also notice that when you open an app, it takes about 10 seconds to open. Don't know if it causes any more damage than that...
     
Clinically Insane
Join Date: Dec 1999
Dec 22, 2000, 01:36 AM
 

Just be lucky you're not on a Windows PC. They have about 50 times the virii as we do and have to put up with a lot more crap.
"…I contend that we are both atheists. I just believe in one fewer god than
you do. When you understand why you dismiss all the other possible gods,
you will understand why I dismiss yours." - Stephen F. Roberts
     
Junior Member
Join Date: Dec 2000
Location: Singapore
Dec 22, 2000, 05:48 AM
 
I was infected by Sevendust too ... and the best part of it ..
I was a new Macintosh user, just touched the iBook for only 2 days and I was given the "present" ... think I was downloading some software.

Well .. I have forgotten whether it was Norton AntiVirus or Disk First Aid that I ran which discovered the problem ... it keeps on resurfacing even after the problem was supposedly "fixed" ...
Was following the instructions to repair and delete the file, but the THING keeps on coming back....

In the end, I used the wonderful restore CD and blasted everything out of it. Had the partial restore, setting aside the files I want and then reinstall and drag out the files which I want to keep.
And finally the iBook is smiling again
phew ... thought I was so LUCKY to receive the coveted present..

The problem is ... I do not know how I got infected ......
Does anyone have an idea why I got the virus?
I suppose it is because of the file I downloaded?
But since Norton or Disk First Aid (I cannot remember) can detect it when I run the program .. why can it not detect it when I was downloading the file, if it was in the file?

thank you
     
exa
Grizzled Veteran
Join Date: Mar 2000
Dec 22, 2000, 01:53 PM
 
Hmm, when I had Sevendust and tried using Agax (locked) it wiped all the virii but it resurfaced. Apparently what happened was that my system files were corrupt (e.g., the System) so I had to start up off a boot CD and then wipe everything out and replace the System file... works fine now...
     
Clinically Insane
Join Date: Apr 2000
Dec 22, 2000, 07:00 PM
 
You could have contracted it via the file you downloaded, very easily.
It may not have detected it because it was in a compressed archive, or because for some reason the virus definitions file didn't have Sevendust (which couldn't be right)... unless it's an altered strain of it?

Uh-oh, you didn't drop your PowerBook did you??

Cipher13
     
Mac Enthusiast
Join Date: Oct 2000
Location: Greensboro, NC USA
Dec 23, 2000, 09:06 AM
 
Cipher,
Mucho, mucho thanks for the "Super" email.
Don't want to impose on you, but if you get a chance to pull the related "Read Me" off the CD, I'll vote extra stars for you.
[ I like to be well-read in the techniques before beginning self-brain-surgery ]
RP
Pismo 400 192M Sys 9.1
     
Clinically Insane
Join Date: Apr 2000
Dec 23, 2000, 08:09 PM
 
No prob, if you don't get the mail within 3 days, send me a reminder
The original is archived on floppy disk (lol, I know), so I just gotta pull it out. I know which disk so it's no prob
Just remind me to do it if you don't get it

Cipher13
     
Grizzled Veteran
Join Date: May 2000
Location: Any Town, USA
Dec 25, 2000, 09:37 AM
 
Great band . .

Originally posted by Cipher13:
. . . because for some reason the virus definitions file didn't have Sevendust . . .
Change your world and you will change your mind.
     
Clinically Insane
Join Date: Apr 2000
Dec 26, 2000, 04:26 AM
 
As Fenix*Tx would say...
"those guys *****n rule..."

Cipher13
     
   
All times are GMT -4.