How to get rid of viruses on old mac software

[BadGoldEagle]

Hey guys!

I'd like to use the 400k version of Dark Castle with my 128k. It's on the Mac Garden all right, but there's a virus, "Mac OS" related.

How are you supposed to deal with such viruses without infecting your current OS?

Should I use a machine running windows or Mac? Mac OS viruses can't spread to windows I think...

I can run disinfectant but is that enough?

Thanks!

 

[tanaquil]

Someone on the other thread where this came up recommended disinfecting under System 7, since the WDEF virus (the one in the Dark Castle archive) can't spread under 7. At least that was what I understood.

Alternatively, I guess one could make (1) a locked Disinfectant startup disk, created for your system and (2) a backup of your essential system files ahead of time, and just run a disinfection routine after working with the infected image. Viruses like nVirA [not on the DC archive as far as I know] like to immediately infect your system and finder and any applications you subsequently run on an infected system, and Disinfectant can't disinfect the drive it is run from, so the locked startup disk is a handy tool.

What I find bothersome with the DC archive is that the infections are inside locked disk images. So in order to disinfect, one would have to essentially create new image files (copy the contents of the locked image to an unlocked disk/image, disinfect, and then re-save the image), at which point it's one step further away from being an authentic disk image. Not only the disk image but the files on it are likely to end up with modified dates.

It's really a pity, since that archive is a model of preservation otherwise. I suppose, even if the author of the archive had discovered the virus before he imaged the disks, he still would have had to introduce changes as a result of cleaning before making the final images. He says in his notes that the images were made from disks in a complete but open box, and the date on the virus is over a decade before the archive was made.

 

[tanaquil]

BTW, thanks for mentioning Avast in your earlier post. I have found that it is better than my previous (modern) antivirus utility at detecting viruses inside classic disk images - though I am not sure it can scan inside sit archives (it seems to be able to look inside zips though). A shocking number of the disk images I had downloaded from various sources, including the Garden, are coming up as infected, and I've been busy cleaning them all.

The Garden is usually very good about screening for such things, but even Homer nods.

 

[bigmessowires]

If you have a Floppy Emu, you can make any disk read-only by setting the write-protect tab on the SD card, or making the disk image file on the SD card read-only (with Windows or OSX - just edit the file properties). Then you can have your System files and Disinfectant on the read-only disk, without worry they'll become infected.

To your other concern - I'm not sure what you mean about locked disk images. Neither Disk Copy 4.2 nor raw .dsk images can be locked through some modification of their contents. Maybe the image file itself is locked?

 

[tanaquil]

I guess so? All I know is that the emulator is reporting that the images are locked and I can't find any way to unlock them either inside the emulator or under the modern Mac OS. I know the usual places to look for a lock/unlock switch, but maybe I'm missing something.

ETA: duh! I just realized what I was doing wrong - I was dragging images directly from the dmg into minivmac, and of course the images inside the dmg couldn't be altered. I just tried copying the contents of the dmg to my hard drive and then loading them into the emulator - from there I had no trouble disinfecting it. The modification date on the disk image file changed, but everything else remained intact. That's good to know, so thanks for prompting me to re-check it.

 

[Elfen]

Holding down the OPTION-Apple Keys to rebuild the Desktop will take take of the WDEF virus and all of its variants. System 7 is immune to the WDEF Virus, BTW, because the desktop is set up differently than on System 6.

But after you rebuild the Desktop, you should chase it with an antivirus program like Disinfectant or SAM Anti-Virus. WDEF is not a nasty virus as viruses are concerned but it is very virulent and will spread to disk to disk you put into the system.

 

[BadGoldEagle]

So I tried downloading the .dmg on a PC and win 7 corrupted the files. Damn you windows!

I ended up downloading the files directly on the Mac, and then transferring them on the windows PC. I was able to get rid of the desktop virus using Disinfectant on System 6.

Inserting an infected disk spreads the virus on system 6. So I had to disinfect the HD as well. But now all is well...or is it?

I decided to run a virus scan on my modern mac. I'm running a system check on my rMBP right now and it found 30 infections already. And I'm only halfway through.

I hope they're not serious!

But then Avast gives you a lot of false positives. It's not a great anti-virus software.

Fun fact:

Disinfectant from 1992 is a better anti-virus software than today's Avast. The latter solved the virus problem by deleting the files. That's not a great solution!

Edit: 75% done. Avast found 620 infections!!

 

[ArmorAlley]

On the topic of viruses in general, I use Norton Anti-Virus v7 (although I'm sure that earlier versions will work) along with the last virus-definition files that work with this version from 2008-01-01. It is especially useful for getting rid of the SevenDust virus (which I seem to run into often). This virus is visible when one the mysterious extension entitled 666 appears. And it's not the Apple I's initial price it's referring to.

NAV7 doesn't work on 68k machines. I have set up file-sharing over an 10baseT-LAN and I disinfect my machines remotely every now and then from the MDD.

 

[techknight]

I know this sounds crazy, but it would be kinda cool to preserve all the mac viruses just to toy with them for something to do. see how they work, etc.. 

There is a youtube channel I watch now and then where a dude demonstrates DOS, and early windows viruses and what they do. I miss old viruses, they were more fun. Nowadays its just thievery. 

 

[tanaquil]

Avast does do a weird thing where, after I disinfect an image and Disinfectant within the emulator reports that it is clean, Avast still thinks it's infected. But if you copy all the files to a new disk image, Avast will clear it.

Still, it is useful to flag old mac viruses at the point of download on the modern mac.

I discovered that if you tweak the settings, you can have it just alert you to the presence of a virus without automatically moving the infected file/disk image to the Vault. Easier for quickly cleaning the infections it finds.

 

[LarBob]

I know this sounds crazy, but it would be kinda cool to preserve all the mac viruses just to toy with them for something to do. see how they work, etc.. 

There is a youtube channel I watch now and then where a dude demonstrates DOS, and early windows viruses and what they do. I miss old viruses, they were more fun. Nowadays its just thievery. 

Are you talking about danooct1?

 

[olePigeon]

I know this sounds crazy, but it would be kinda cool to preserve all the mac viruses just to toy with them for something to do. see how they work, etc.. 

There is a youtube channel I watch now and then where a dude demonstrates DOS, and early windows viruses and what they do. I miss old viruses, they were more fun. Nowadays its just thievery. 

I don't think there were very many clever viruses for Macs (if any.)  Some of those DOS viruses were practically demos.  They were really cool.  If you had the source for them, you could remove the naughty bits, and a few of them would make for some badass boot screens or animations for your DOS PC.

The closest you'll get is The Macintosh Joker book & disk, which is really fun.