666 Extension

Junior Member
Join Date: Nov 2000
Status: Offline

Virex did not detect it, so I used Agax. You MUST lock Agax or it will get corrupted with the virus. Also make sure to delete the 666 extension AND the source of the virus (usually a recently installed prog or file, which will show up somewhere in Agax's examination log) before you repair the HD. Thankfully Agax worked, the extension stopped appearing and the apps now open at normal speed....

Grizzled Veteran
Join Date: Oct 1999
Location: Minneapolis
Status: Offline

Yet another reason to not use Hotline, and instead, get all your software legally.

Junior Member
Join Date: Nov 2000
Status: Offline

I don't think I mentioned getting any "illegal software," but thanks for insinuating....

Registered User
Join Date: Apr 2000
Status: Offline

Heh.
I posted a thread about that a while ago, being infected.
Agax didn't work.
I manually killed that bitch virus...
If anyone gets it and doesn't have virus protection, here's what I did:
Get Super ResEdit. Open the extension and rip its guts out... delete the INIT resource. Then get info on it and lock it down, hard. Lock resources, set Finder flag locked, and so on.
Then remember every App you have opened since getting it, open it up, and you have to delete the virus from there, but I can't remember where it hides in there... dammit I'll check.
Throw away ResEdit, restart, delete the extension, restart, it shouldn't be there.
Hehe, killed.
Then go out and buy Virex and run it off the CD just to be sure it's gone.
Make sure you have the latest Virex definitions file... and I also got it from Hotline.
Cipher13

Mac Elite
Join Date: Jun 2000
Location: NY
Status: Offline

lol rip its guts out, I like your wording, I've never heard of this virus, what does it do?

Phaedrus

Where can I find a copy of Super ResEdit? I did a Sherlock search and came up short...lots of Mac hacking sites, but only ResEdit, no Super ResEdit.

Registered User
Join Date: Apr 2000
Status: Offline

Phaedrus: try your mailbox?
Jsnuff1: It's called Sevendust, aka 666, aka "that bitch that infected all my apps!", and so on
Anyway, you can get it two ways... something installs the extension, or you open an infected app.
I haven't read about it, but from what I found out via first hand experience, whenever you launch an infected app, it checks to see if the extension is installed.
If it is? Leaves it alone.
If not? Installs it.
If the extension has been tampered with? Replaces it... it must verify some kind of checksum...
Anyway, when it's loaded into memory, whenever you launch an application, it becomes infected.
And so the loop goes on, get what I mean?
That's how it takes over your system...
Now as for damage, I didn't have any done to me.
I just now looked it up, and found almost nothing... apparently if started up between certain times or dates (can't remember which), or at certain times/dates, it will erase files...
So it's not a very nice virus (although a nicely written one, to tell you the truth... it's very good)
So anyway, Virex will take care of it if you ever happen to get it...
I'll see if I can find that site again and post the dates/times/other conditions/whatever
Cipher13

Senior User
Join Date: Mar 2000
Location: France
Status: Offline

I heard that it's the 6th of June that it erases the files... don't know if it's true (and I don't want to know...)
When I saw this extension which was re-installing itself automatically, I erased it and put a folder with the same name in its place... I didn't see it anymore (an application is unable to replace a folder by a file, hehehe), but my apps are still infected...
Got it from Hotline too...
------------------
Noliv

Registered User
Join Date: Apr 2000
Status: Offline

June sixth definitely rings a bell.
But I might be getting it mixed up with the 26th... Chernobyl is 26 isn't it?
Anyway, use Virex to get rid of it.
If you don't have it, download it, then buy it afterwards, if it's an emergency.
Hehe, good thinking with the folder
Cipher13

Mac Enthusiast
Join Date: Oct 2000
Location: Greensboro, NC USA
Status: Offline

Cipher,
I looked in MY mail box but didn't see Super ResEdit.
(hint, hint)
RP
Pismo 400 192M Sys 9.1

Junior Member
Join Date: Nov 2000
Status: Offline

Agax didn't work for me at first, in fact, when I first launched it, it would not open, saying "Agax may have been infected w/ the virus and refuses to open." So I threw Agax out, unstuffed a new version, and locked it before launching it. Then it worked fine...the Super ResEdit way sounds more fun though.
I happened to catch it early by noticing the extension in the system, but otherwise, you will also notice that when you open an app, it takes about 10 seconds to open. Don't know if it causes any more damage than that...

Clinically Insane
Join Date: Dec 1999
Status: Offline

Just be lucky you're not on a Windows PC. They have about 50 times the virii as we do and have to put up with a lot more crap.
"…I contend that we are both atheists. I just believe in one fewer god than
you do. When you understand why you dismiss all the other possible gods,
you will understand why I dismiss yours." - Stephen F. Roberts

Junior Member
Join Date: Dec 2000
Location: Singapore
Status: Offline

I was infected by Sevendust too ... and the best part of it ..
I was a new Macintosh user, had just touched the iBook for only 2 days, and I was given the "present" ... think I was downloading some software.
Well .. I have forgotten whether it was Norton AntiVirus or Disk First Aid that I ran which discovered the problem ... it kept on resurfacing even after the problem was supposedly "fixed" ...
I followed the instructions to repair and delete the file, but the THING kept on coming back....
In the end, I used the wonderful restore CD and blasted everything out of it. Did the partial restore, setting aside the files I wanted, and then reinstalled and dragged out the files which I wanted to keep.
And finally the iBook is smiling again
phew ... thought I was so LUCKY to receive the coveted present..
The problem is ... I do not know how I got infected ......
Does anyone have an idea why I got the virus?
I suppose it is because of the file I downloaded?
But since Norton or Disk First Aid (I cannot remember) can detect it when I run the program .. why can it not detect it when I was downloading the file, if it was in the file?
thank you

Grizzled Veteran
Join Date: Mar 2000
Status: Offline

Hmm, when I had Sevendust and tried using Agax (locked) it wiped all the virii but it resurfaced. Apparently what happened was that my system files were corrupt (e.g., the System) so I had to start up off a boot CD and then wipe everything out and replace the system file... works fine now...

Registered User
Join Date: Apr 2000
Status: Offline

You could have contracted it via the file you downloaded, very easily.
It may not have detected it because it was in a compressed archive, or because for some reason the virus definitions file didn't have Sevendust (which couldn't be right)... unless it's an altered strain of it?
Uh-oh, you didn't drop your PowerBook did you??
Cipher13

Mac Enthusiast
Join Date: Oct 2000
Location: Greensboro, NC USA
Status: Offline

Cipher,
Mucho, mucho thanks for the "Super" email.
Don't want to impose on you, but if you get a chance to pull the related "Read Me" off the CD, I'll vote extra stars for you.
[ I like to be well-read in the techniques before beginning self-brain-surgery ]
RP
Pismo 400 192M Sys 9.1

Registered User
Join Date: Apr 2000
Status: Offline

No prob, if you don't get the mail within 3 days, send me a reminder
The original is archived on floppy disk (lol, I know), so I just gotta pull it out. I know which disk so it's no prob
Just remind me to do it if you don't get it
Cipher13

Grizzled Veteran
Join Date: May 2000
Location: Any Town, USA
Status: Offline

Great band . .
Originally posted by Cipher13:
. . . because for some reason the virus definitions file didn't have Sevendust . . .
Change your world and you will change your mind.

Registered User
Join Date: Apr 2000
Status: Offline

As Fenix*Tx would say...
"those guys *****n rule..."
Cipher13