Virus in System 6 Hell

About Mini vMac and all other 68k emulators, including SoftMac, Executor, and MESS.

MacPlusFun
Space Cadet
Posts: 1
Joined: Wed Aug 30, 2017 6:58 am

Virus in System 6 Hell

Post by MacPlusFun »

I tried to download games from the System 6 Hell page.

I was blocked from doing so by my antivirus software.

My set up is

Laptop running Windows 10

Avast Free Antivirus
prog ver 17.5.2303


target url
games-<?>,dsk
All letters appear to be affected


Threat detected
MacOS Nvir

Is it possible for someone to run a check on this problem?

Ta
MacPlusFun
adespoton
Forum All-Star
Posts: 3235
Joined: Fri Nov 27, 2009 5:11 am
Location: Emaculation.com

Re: Virus in System 6 Hell

Post by adespoton »

A number of software items on System 6 Hell games archives are infected with nVIR B or WDEF-A. Make sure you've got the Disinfectant INIT installed before you use them.

I'm running the dsks through https://virustotal.com/#/home/url right now so that we can isolate which ones need re-imaging.

[edit] Well, default scans as used on VirusTotal aren't cracking the disk images open. So someone will have to manually open them all and scan the contents.

This is most easily done loading them all into Mini vMac and running Disinfectant.
ClockWise
Site Admin
Posts: 4076
Joined: Mon May 20, 2002 4:37 am
Location: Uiwang

Re: Virus in System 6 Hell

Post by ClockWise »

Darn it, I always try to scan those files since just about all of the old Mac files floating around are infected.

Anyhow, I just booted up Mini vMac with a clean disk image and scanned each one of the System 6 Hell files with Disinfectant. About six of the disk images seemed to have the nVIR virus. They should all be clean now. Can you confirm that, MacPlusFun?
GarkGarcia
Student Driver
Posts: 21
Joined: Tue Aug 15, 2017 10:51 pm

Re: Virus in System 6 Hell

Post by GarkGarcia »

Yeah, the site really is infected :(

At first I thought Avast was derping around because of the weird .dsk file format or something, but I eventually realized it was true. I would recommend using MacGarden, I never had any problems with it :D (http://macintoshgarden.org/)

Cheers!
adespoton
Forum All-Star
Posts: 3235
Joined: Fri Nov 27, 2009 5:11 am
Location: Emaculation.com

Re: Virus in System 6 Hell

Post by adespoton »

Well, Clockwise has fixed up the images now, so System 6 Hell should now be clean.

The Garden has its own collection of nVIR and WDEF infections -- I scanned through a number of years ago. Most are clean, but it's best always to scan old software with Disinfectant prior to cross pollination.
CharlesS
Tinkerer
Posts: 97
Joined: Thu Aug 14, 2008 9:05 am

Re: Virus in System 6 Hell

Post by CharlesS »

With all that said, it's pretty impressive that Avast is able to detect such ancient things as resource-fork Mac viruses from the 80s.
There's no earthly way of knowing, which direction we are going, for the rowers keep on rowing, and they're certainly not showing any signs that they are slowing.
adespoton
Forum All-Star
Posts: 3235
Joined: Fri Nov 27, 2009 5:11 am
Location: Emaculation.com

Re: Virus in System 6 Hell

Post by adespoton »

They're not the only ones to do so, although I happen to know a number of other companies have disabled unpacking for a lot of the older formats to speed up scan times on modern systems. But the actual malware detections are still in their data sets.
CharlesS
Tinkerer
Posts: 97
Joined: Thu Aug 14, 2008 9:05 am

Re: Virus in System 6 Hell

Post by CharlesS »

The thing that impresses me is that it can apparently scan into the resource fork, something that's relatively obscure, platform-specific, and already obsoleted at the time Avast! was ported to the Mac.
adespoton
Forum All-Star
Posts: 3235
Joined: Fri Nov 27, 2009 5:11 am
Location: Emaculation.com

Re: Virus in System 6 Hell

Post by adespoton »

The method of doing so is likely relatively simplistic: they're probably splitting the resource fork out as a separate data stream and doing a signature sequence scan. I know that's what other products do/did.
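
The approach described in the last post (split the resource fork out as its own stream, then match signatures against it), sketched here as an added example that is not part of the thread and not any vendor's code. The watched type `nVIR`, the byte pattern, and the function names are assumptions for illustration, and the sample fork is constructed.

```python
import struct

# Assumed indicators for illustration (not from the thread or any AV product):
WATCHED_TYPES = {b"nVIR"}                      # resource type treated as suspicious
BYTE_SIGS = {"demo-sig": b"\xde\xad\xbe\xef"}  # constructed byte sequence

def iter_resources(fork):
    """Yield (type, id, data) for each resource in a classic Mac OS resource fork."""
    data_off, map_off, data_len, map_len = struct.unpack_from(">4I", fork, 0)
    if max(data_off + data_len, map_off + map_len) > len(fork):
        raise ValueError("fork header points outside the buffer")
    tl = map_off + struct.unpack_from(">H", fork, map_off + 24)[0]  # type list start
    ntypes = (struct.unpack_from(">H", fork, tl)[0] + 1) & 0xFFFF   # stored as count-1
    for t in range(ntypes):
        rtype, nres, ref_off = struct.unpack_from(">4sHH", fork, tl + 2 + 8 * t)
        for r in range(nres + 1):
            rid, _, packed = struct.unpack_from(">hHI", fork, tl + ref_off + 12 * r)
            start = data_off + (packed & 0xFFFFFF)  # low 3 bytes: offset in data area
            (size,) = struct.unpack_from(">I", fork, start)
            if start + 4 + size > data_off + data_len:
                raise ValueError("resource data runs past the data area")
            yield rtype, rid, fork[start + 4:start + 4 + size]

def scan_fork(fork):
    """Return (type, id, reason) findings: watched types, then byte signatures."""
    hits = []
    for rtype, rid, data in iter_resources(fork):
        if rtype in WATCHED_TYPES:
            hits.append((rtype, rid, "watched resource type"))
        hits += [(rtype, rid, sig) for sig, pat in BYTE_SIGS.items() if pat in data]
    return hits

def build_fork(resources):
    """Pack [(type, id, data)] into a minimal resource fork (for constructed samples)."""
    by_type, blob, types, refs = {}, b"", b"", b""
    for rtype, rid, data in resources:
        by_type.setdefault(rtype, []).append((rid, len(blob)))
        blob += struct.pack(">I", len(data)) + data
    for rtype, items in by_type.items():
        ref_off = 2 + 8 * len(by_type) + len(refs)  # ref lists follow the type entries
        types += struct.pack(">4sHH", rtype, len(items) - 1, ref_off)
        refs += b"".join(struct.pack(">hHII", rid, 0xFFFF, off, 0) for rid, off in items)
    tlist = struct.pack(">H", (len(by_type) - 1) & 0xFFFF) + types + refs
    rmap = bytes(24) + struct.pack(">HH", 28, 28 + len(tlist)) + tlist
    header = struct.pack(">4I", 256, 256 + len(blob), len(blob), len(rmap))
    return header + bytes(240) + blob + rmap

# Constructed sample carrying both assumed indicators.
FLAGGED = build_fork([(b"CODE", 1, b"xx\xde\xad\xbe\xefyy"), (b"nVIR", 2, b"\x00\x01")])
```

A scanner that only reads the raw disk image bytes never reaches this step, which matches the observation earlier in the thread that default scans were not opening the images.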