 |
 |
666-extension
|
|
|
|
|
Mac Elite
Join Date: Feb 2001
Location: France
Status:
Offline
|
|
Have a 666-extension, which loads again and again even if you delete it.
Looks very virus-like.
So I pointed McFee at it but it said: ok...
NAV says my Ti contains strains of C...something.
But when I let it clean, it isn't able of cleaning the Mac OS ROM, so I deleted it (I know...).
So I had to put this back from a cd, which wasn't that easy acyually, but I finally managed.
And then I got the 666-extension again...
Actually nothing seems to be wrong, but **** seems to happen at certain days...
Anyone?
|
|
|
| |
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Oct 2000
Location: Berkeley, CA, US
Status:
Offline
|
|
its actually a virus. not that bad most of the time since it stays dormant until the sixth minute of the sixth hour of the sixth day of every month (something like that). the author of the virus had a thing for the number 666. i couldn't get rid of it with norton antivirus (cuz it didn't catch it) so i had to use virex.
when i had it certain applications would start up kind of slow and behave strange as well.
hope this helps. good luck.
my edit: p.s. "strains of c" is a common name for this virus.
[ 08-25-2001: Message edited by: brown monk ]
|
|
brown is sweeter
me_puter: outdated
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: Feb 2001
Location: France
Status:
Offline
|
|
Hm, thanks for answering.
The funny thing is that NAV indeed is not capable of removing it, but Virex doesn't even recognise it, so it doesn't remove it...
I don't know how / if it's possible to remove it by hand, I guess that will need some thorough knowledgeof certain matters :-)
But thanks anyway.
|
|
|
| |
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Oct 1999
Location: Minneapolis
Status:
Offline
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
Registered User
Join Date: Apr 2000
Status:
Offline
|
|
Originally posted by Appleman:
<STRONG>Hm, thanks for answering.
The funny thing is that NAV indeed is not capable of removing it, but Virex doesn't even recognise it, so it doesn't remove it...
I don't know how / if it's possible to remove it by hand, I guess that will need some thorough knowledgeof certain matters :-)
But thanks anyway.</STRONG>
Virex works fine against it for me (just infected myself to test...)
I had a nasty encounter once. I had no virus protection... it hosed Ajax...
I had to remove it manually.
Through trial and error, I came up with this:
��Using Resedit, open the 666 extension. Strip every resource from it - then get info on it with Resedit. Hit every lock flag in the window (esp. resource lock), then Finder lock it. Now it can't repair itself.
��Reboot to clear it from memory - the Finder shouldn't be infected because it isn't an APPL(ication)
��Open every app that you suspect of being infected (it infects them as they open), in Resedit, and strip the 666 CODE resource from it.
Done 
|
|
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: Feb 2001
Location: France
Status:
Offline
|
|
Ha, good old Cipher again! Yes, of course, it must be possible with resedit, and thanks for the info about how to do it! I'll try asap!
And I will, of course, try out ajax, maybe I tried a old version of Virex.
Thanks.
|
|
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: Feb 2001
Location: France
Status:
Offline
|
|
Agax worked fine: well, I had to start up with extensions off, then to open the ajax downloaded file, remove the 666-extension, and clean the rest, only then it was gone.
By just cleaning it, it didn't remove the extension, so it came back again.
By installing it, Ajax itself was infected thus didn't work.
But it's gone now, so thanks a lot (again!).
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
Top