|THE DIRTY DOZEN – An Uploaded Program Alert List|
Recently, many unlawfully copied or modified programs have appeared on various IBM PC bulletin boards across the country. THE DIRTY DOZEN is a list of known examples.
IMPORTANT NOTE: the author takes no responsibility for the validity or completeness of this list. Many sources contribute to the list, and it is very possible that one of the reported 'dirty' files works perfectly and is in the Public Domain. I will try to '*' asterisk any programs that I feel are not positively 'bad,' but all the same, it is quite possible that a mistake will slip in somewhere. Since this is the case, please keep in mind while reading this list that however unlikely, it is possible that I or my sources are incorrect in our accusations. Please also bear in mind that the dirty dozen list has not yet falsely accused a Public Domain program of being pirated, or a well working program of all existing bad software into one list. Every day users upload bad software to hundreds of boards, and oftentimes the software is not yet in this list. In other words, if you run a trojan horse that I did not list in here, don't call my board up call up and leave me a message so that I can get the destructive program in the next issue. If anyone is unsure whether a file is trojan, and it's not listed in here, then I recommend using a utility like BOMBSQAD.COM to prevent any mishaps.
There are four major categories of bad software: commercial pirate jobs, unauthorized copies of otherwise legitimate freeware programs, malicious "TROJAN" programs which damage your system, and miscellaneous illegal software. Please look in the definitions section of this document for a more detailed explanation of these terms.
SysOps: Please be careful with the files you post in your download libraries! A professional-quality uploaded game or disk utility should arouse your suspicions, especially if it doesn't include the author's name, address, and distribution policy. Such programs are probably NOT public domain! The BBS community is already under legislative threat at the State and Federal level. We cannot fight this trend effectively while our directories sit stocked with cracked Sega games, wargames dialers, and malicious "trojan horses!" Let's demonstrate a little social responsibility by cleaning up our download libraries. If you as a SysOp have any of these files on your system, please delete them and post "blocking" dummy file entries like this one:
ZAXXON.COM DELETED!! NOT PUBLIC DOMAIN!!
If everyone works together to fight this new brand of software, the growing numbers of piraters and trojan horse writers may well be put 'out of business!'
The idea behind THE DIRTY DOZEN is to bring this important issue to the attention of more SysOps and users - to act as an information "clearing-house" for the latest known examples of "bogusware," so that an educated public can fight effectively for safe downloadable files.
The Dirty Dozen is a big project, and it needs your help to succeed!
Please call in any updates of bad software that you know of, but DO NOT modify this article yourself. If everyone who discovers a pirated program starts modifying the DD, there would be hundreds of issues in circulation. Also, I think it's quite unfair, especially considering that I've spent over a hundred hours of my time on this list, for just anyone to put their name at the top of the list and say that they write, or helped write, the DD. For example, someone named Gerhard Barth added two files, both of which were already listed in the DD, and proceeded to write "Updated by Gerhard Barth, please send all further updates to Gerhard Barth," etc. If everyone does this, how will anyone know which file is the latest and TRUE Dirty Dozen? If you have an update, please see the end of this article for information on how to reach me with new information.
A user of mine has notified me that some pirates have patched HARDHAT.COM and PANGO.COM to read "cracked by Eric Newhouse." This is ridiculous! Please disregard any programs that you may come across in the future advertising "copy protection busted by Eric Newhouse," or the like. This is just one more way that pirates are trying to get me to stop publishing this list!
A word on TROJANS: I have been hearing more and more reports of these "worm" programs, from all directions. While I don't doubt their existence, do not get hysterical. Remember, a Trojan rumor is much easier to START than it is to STOP. Some people have accused legitimate *joke* programs, like DRAIN (which pretends to be gurgling excess water out of your A drive) of being "killers." If a program locks up your system, it isn't necessarily Trojan; it might not like co-residing with Superkey, or your graphics card. Ask around a little before you announce something as Trojan. I would appreciate a bagged specimen of any real Trojan program that you might have the (un)luck to find.
A word on Pirated programs: Recently many pirated programs such as AUTODEX have been going under many different names. Although I will try to keep all these names current in the DD, the best way to check for piracy in a file is to run that file yourself – checking for (C)opyright notices of commercial manufacturers, similarities in looks and operations of commercial programs, and of course whether the name is in this list.
Finally I want to thank all BBS SysOps and users that notified me of updates, additions, and/or corrections to DIRTYDOZ.006. It's great to see so much support! In this issue more people than ever called in with updates. Everyone else who reads this list, along with myself, really appreciates the effort!
HACKED An unlawfully modified copy of an otherwise legitimate public domain or user-supported program. It is illegal to distribute a modified copy of someone else's work without their permission! All modified programs must contain this permission, either in the program's display or documentation.
*TROJAN* BEWARE!! These programs PURPOSEFULLY damage a user's system upon their invocation. Usually they aim to disable hard disks, although they can destroy other equipment too. It is IMPERATIVE that you let me know about any new examples of these that you find.
PIRATED This is an illegal copy of a commercial program product. Examples: a cracked (de-protected) game, an accidentally or deliberately distributed compiler, editor or utility; sometimes a Beta test copy of a program under development, handed out by a disgruntled employee or dishonest beta tester. In the latter case, the program in question may never make it to market due to the piracy! In the case of games, there's a tendency for the pirate to patch a clumsy "PUBLIC DOMAIN" notice over top of the original copyright. ZAXXON.COM is a prime example.
MISC This is miscellaneous illegal software and/or text. The best definition, aside from that, that I can think of is that it's NOT pirated software.
NOTE: If I do not supply a file extension, that means that the file circulates under many different extensions. For instance, users commonly upload with extensions of either: .EXE, .COM, .EQE, .CQM, .LBR, .LQR, and .ARC.
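The extension convention in the note above, applied to a handful of entries from this list, as an added example that is not part of the original document: an upload-name screen a SysOp could run. The status names, the dictionary layout and the 512-byte size tolerance are assumptions of the example; the file names, the extensions and the 5376-byte DOSKNOWS.EXE size are taken from the list.

```python
"""Screen upload names against a few Dirty Dozen entries (added example)."""

# Extensions the NOTE says extension-less entries circulate under.
CIRCULATING_EXTS = {"EXE", "COM", "EQE", "CQM", "LBR", "LQR", "ARC"}

# Squeezed (?Q?) extensions paired with their plain form, as listed in the NOTE.
SQUEEZED = {"EQE": "EXE", "CQM": "COM", "LQR": "LBR"}

# Subset of entries copied from the list; an entry with no extension
# means "any circulating extension".
BAD_FILES = {
    "ARC513.EXE": "TROJAN",
    "ARC514.COM": "TROJAN",
    "CDIR.COM": "TROJAN",
    "DOSKNOWS.EXE": "TROJAN",
    "EGABTR": "TROJAN",
    "SIDEWAYS.COM": "TROJAN",
    "LIST60": "HACKED",
    "ZAXXON": "PIRATED",
}

# The list gives the size of the real, harmless DOSKNOWS.EXE.
KNOWN_GOOD_SIZE = {"DOSKNOWS.EXE": 5376}


def split_name(filename):
    """Return (BASE, EXT) in upper case; EXT is '' when there is no dot."""
    base, _, ext = filename.strip().upper().rpartition(".")
    if not base:
        return ext, ""
    return base, ext


def lookup(filename):
    """Return (list entry, category) for a listed name, else None."""
    base, ext = split_name(filename)
    ext = SQUEEZED.get(ext, ext)  # ARC513.EQE is a squeezed ARC513.EXE
    full = f"{base}.{ext}" if ext else base
    if full in BAD_FILES:
        return full, BAD_FILES[full]
    # Extension-less entries match only the extensions the NOTE names.
    if base in BAD_FILES and (ext == "" or ext in CIRCULATING_EXTS):
        return base, BAD_FILES[base]
    return None


def screen(filename, size=None, tolerance=512):
    """Return (status, reason); status is 'BLOCK', 'REVIEW' or 'OK'.

    tolerance is an assumed reading of "close to that size".
    """
    hit = lookup(filename)
    if hit is None:
        return "OK", "name is not in the embedded subset of the list"
    entry, category = hit
    good = KNOWN_GOOD_SIZE.get(entry)
    if good is not None:
        # A legitimate program shares this name, so size decides.
        if size is None:
            return "REVIEW", f"{entry}: need file size, real one is {good} bytes"
        if abs(size - good) <= tolerance:
            return "REVIEW", f"{entry}: size matches the real program, test first"
        return "BLOCK", f"{entry}: {size} bytes is not close to {good}"
    return "BLOCK", f"{entry} is listed as {category}"


if __name__ == "__main__":
    # Constructed sample uploads: (name, size in bytes or None).
    uploads = [("zaxxon.com", None), ("ARC513.EQE", None), ("LIST60H.ARC", None),
               ("SIDEWAYS.EXE", 30720), ("DOSKNOWS.EXE", 5376),
               ("DOSKNOWS.EXE", 20000)]
    for name, size in uploads:
        print(f"{name:14} {screen(name, size)}")
```

A name-based screen only catches files uploaded under a listed name; a renamed file passes it, so it complements running the program under safeguards rather than replacing that step.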
|TROJAN HORSE PROGRAMS:|
Name Category Notes
ANTI-PCB *TROJAN* The story behind this trojan horse is sickening. Apparently one RBBS-PC sysop and one PC-BOARD sysop started feuding about which BBS system is better, and in the end the PC-BOARD sysop wrote a trojan and uploaded it to the RBBS SysOp under ANTI-PCB.COM. Of course the RBBS-PC SysOp ran it, and that led to quite a few accusations and a big mess in general. Let's grow up! Every SysOp has the right to run the type of BBS that they please, and the fact that a SysOp actually wrote a trojan intended for another simply blows my mind.
ARC513.EXE *TROJAN* This hacked version of arc appears normal, so beware! It will write over track 0 of your [hard] disk upon usage, destroying the disk.
ARC514.COM *TROJAN* This is totally similar to arc version 5.13 in that it will overwrite track 0 (FAT Table) of your hard disk. Also, I have yet to see an .EXE version of this program..
BACKTALK *TROJAN* This program used to be a good PD utility, but someone changed it to be trojan. Now this program will write/destroy sectors on your [hard] disk drive. Use this with caution if you acquire it, because it's more than likely that you got a bad copy.
CDIR.COM *TROJAN* This program is supposed to give you a color directory of files on disk, but it in fact will scramble your disk's FAT table.
DANCERS.BAS *TROJAN* This trojan shows some animated dancers in color, and then proceeds to wipe out your [hard] disk's FAT table. There is another perfectly good copy of DANCERS.BAS on BBS's around the country; apparently the idiot author in question altered a legitimate program to do his dirty work.
DISKSCAN.EXE *TROJAN* This was a PC-MAGAZINE program to scan a (hard) disk for bad sectors, but then a joker edited it to WRITE bad sectors. Also look for this under other names such as SCANBAD.EXE and BADDISK.EXE...
DMASTER *TROJAN* This is yet another FAT scrambler..
DOSKNOWS.EXE *TROJAN* I'm still tracking this one down – apparently someone wrote a FAT killer and renamed it DOSKNOWS.EXE, so it would be confused with the real, harmless DOSKNOWS system-status utility. All I know for sure is that the REAL DOSKNOWS.EXE is 5376 bytes long. If you see something called DOSKNOWS that isn't close to that size, sound the alarm. More info on this one is welcomed -- a bagged specimen especially.
DPROTECT *TROJAN* Apparently someone tampered with the original, legitimate version of DPROTECT and turned it into a FAT table eater.
EGABTR *TROJAN* BEWARE! Description says something like "improve your EGA display," but when run it deletes everything in sight and prints "Arf! Arf! Got you!"
EMMCACHE V. 1.0 *TROJAN* This is a funny trojan. The author did a good job of writing the documentation, and on the outside it looks to be a very well written program. However, after running it to install 69 pages of an EMS disk cache, the program A) Scrambled every file that I thereafter modified (changed and then wrote to disk), and B) Destroyed my boot sector. The program is especially dangerous because it will damage many of your most used files before you realize what hit you.
FILER.EXE *TROJAN* One SysOp complained a while ago that this program wiped out his 20 Megabyte HD. I'm not so sure that he was correct and/or telling the truth any more. I have personally tested an excellent file manager also named FILER.EXE, and it worked perfectly. Also, many other SysOps have written to tell me that they have, like me, used a FILER.EXE with no problems. If you get a program named FILER.EXE, it is probably all right, but better to test it first using some security measures.
FINANCE4.ARC *TROJAN* This program is not a verified trojan; there is simply a file going around BBS's warning that it may be trojan. In any case, exercise extreme care with it.
FUTURE.BAS *TROJAN* This "program" starts out with a very nice color picture (of what I don't know) and then proceeds to tell you that you should be using your computer for better things than games and graphics. After making that point it trashes your A: drive, B:, C:, D:, and so on until it has erased all drives. It does not go after the FAT alone, but it also erases all of your data. As far as I know, however, it erases only one sub-directory tree level deep, thus hard disk users should only be seriously affected if they are in the "root" directory. I'm not sure about this one either, though.
MAP *TROJAN* This is another trojan horse written by the infamous
NOTROJ.COM *TROJAN* This "program" is the most sophisticated trojan horse that I've seen to date. All outward appearances indicate that the program is a useful utility used to FIGHT other trojan horses. Actually, it is a time bomb that erases any hard disk FAT table that IT can find, and at the same time it warns: "another program is attempting a format, can't abort!" After erasing the FAT(s), NOTROJ then proceeds to start a low level format. One extra thing to note: NOTROJ only damages FULL hard drives; if a hard disk is under 50% filled, this program won't touch it! If you are interested in reading a thorough report on NOTROJ.COM, James H. Coombes has written an excellent text file on the matter named NOTROJ.TXT. If you have trouble finding it, you can get it from my board.
TIRED *TROJAN* Another scramble the FAT trojan by Dorn W.
TSRMAP *TROJAN* This program does what it's supposed to do: give a map outlining the location (in RAM) of all TSR programs, but it also erases the boot sector of drive "C:".
PACKDIR *TROJAN* This utility is supposed to "pack" (sort and optimize) the files on a [hard] disk, but apparently it scrambles FAT tables.
QUIKRBBS.COM *TROJAN* This Trojan horse advertises that it will load RBBS-PC's message file into memory 2 times faster than normal. What it really does is copy RBBS-PC.DEF into an ASCII file named HISCORES.DAT...
QUIKREF *TROJAN* This ARChive contains ARC513.COM.
RCKVIDEO *TROJAN* This is another trojan that does what it's supposed to do, then wipes out hard disks. After showing some simple animation of a rock star ("Madonna," I think), the program will go to work on erasing every file it can lay its hands on. After about a minute of this, it will create 3 ascii files that say "You are stupid to download a video about rock stars," or something of the like.
SECRET.BAS *TROJAN* BEWARE!! This may be posted with a note saying it doesn't seem to work, and would someone please try it; when you do, it formats your disks.
SIDEWAYS.COM *TROJAN* Be careful with this trojan; there is a perfectly legitimate version of SIDEWAYS.EXE circulating. Both the trojan and the good SIDEWAYS advertise that they can print sideways, but SIDEWAYS.COM will trash a [hard] disk's boot sector instead. The trojan .COM file is about 3 KB, whereas the legitimate .EXE file is about 30 KB large.
STAR.EXE *TROJAN* Beware RBBS-PC SysOps! This file puts some stars on the screen while copying RBBS-PC.DEF to another name that can be downloaded later!
STRIPES.EXE *TROJAN* Similar to STAR.EXE, this one draws an American flag (nice touch), while it's busy copying your RBBS-PC.DEF to another file (STRIPES.BQS) so Bozo can log in later, download STRIPES.BQS, and steal all your passwords. Nice, huh!
TOPDOS *TROJAN* This is a simple high level [hard] disk formatter.
VDIR.COM *TROJAN* This is a disk killer that Jerry Pournelle wrote about in BYTE Magazine. I have never seen it, although a responsible friend of mine has.
|'*' = not verified by program's author|
ARC.COM HACKED Someone keeps running SPACEMAKER or a similar EXE squeezer on SEA, Inc.'s ARC archive program, then uploading the resulting COM file to BBS's without the author's permission. SEA will NOT support the COM version -- this is an unauthorized modification.
AUTOMAXX.ARC HACKED This DOS menu-making program comes with documentation that is almost certainly plagiarized. Marshall Magee, author of the popular AUTOMENU program, contends that the AUTOMAXX documentation uses exact phrases from his documentation, and if this is the case, AUTOMAXX is clearly illegal. In addition, the executable file in AUTOMAXX.ARC may also be plagiarized. For more information, please contact Marshall Magee, at (404) 446-6611.
DOG102A.COM * HACKED Apparently this is a renamed early version of the DP102A.ARC utility DISKPACK.COM. One person has reported that it trashed his hard disk that was formatted under DOS 3.1 (2KB clusters).
LIST60 HACKED Vern Buerg's LIST 5.1, patched to read 6.0. Note: Mr. Buerg has released a legitimate version 6.0 of LIST. Every legit. version will have a letter in the filename (e.g. LIST60H.ARC)
LIST799 HACKED Vern Buerg's LIST 5.1, patched to read 7.99.
QMDM110.ARC, QMDM110A.ARC HACKED These hacked versions of qmodem are copies of 1.09, patched to read 1.10. There have been rumors of a worm in 1.10, but I have seen no evidence of it. Other versions are OK.
|Game – some sort of game, usually of "Arcade" Quality|
|Util – a disk, screen, or general utility|
|Misc – miscellaneous, printer controllers, sound, etc.|
Program Name Type Description
1DIR.COM PIRATED Util – This is "The ONE Dir," a commercial shell sold with a Hard Disk subsystem.
21C.EXE PIRATED Game – From the IBM Game Library – blackjack
ACUPAINT PIRATED Misc – PC Paint – ARC-ed file is 148,221 bytes.
ALLEYCAT.COM PIRATED Util – The IBM game "Alley Cat"
ALTEREGO.ARC PIRATED Game – Alter Ego game from Activision; this archive file is huge -- about 450KB or so..
ARCHON.COM PIRATED Game – Electronic Arts' Archon.
ARTOFWAR PIRATED Game – Ancient Art of War game.
AUTODEX PIRATED Util – AUTODEX, a commercial file manager
AXX.EXE PIRATED Util – also AUTODEX
B1-BOMB PIRATED Game – Avalon Hill's B1 Bomber
BATTLE PIRATED Game – Battle Zone Game
BBCHESS PIRATED Game – Blues Box Chess
BC-QUEST PIRATED Game – BC's Quest for Tires
BIGMAC.ARC PIRATED Util – Also Superkey
BRUCELEE PIRATED Game – Bruce Lee game
BUCK PIRATED Game – Buck Rogers on Planet Zoom
BURGER PIRATED Game – Burgertime
BUSHIDO PIRATED Game – Karate Game
BUZZBAIT PIRATED Game – Buzzard Bait
CALL2ARM PIRATED Game – Call to Arms
CENTIPED PIRATED Game – Be careful with this one. At least two other legitimate, PD copies of Centipede are in circulation. The pirated one is supposedly PUBLIC DOMAIN BY ATARI. Yeah, Right.
COMMANDR.ARC PIRATED Game – Norton Commander
COSMIC PIRATED Game – Cosmic Crusaders
COPYRITE PIRATED Util – Really Quaid Software's COPYWRITE
COPYWRIT PIRATED Util – Quaid Software's COPYWRITE again
COSMIC PIRATED Game – Cosmic Crusaders game
CROSFIRE.COM PIRATED Game – Cross fire game..
CRUSH-CC.ARC PIRATED Game – Crush, Crumble & Chomp Game
DEB88.EXE PIRATED Misc – DeSmet "C" debugger
DECATH PIRATED Game – Microsoft Decathlon
DEFENDER PIRATED Game – Defender
DIGGER.COM PIRATED Game – Dig Dug
DIGDUG.COM PIRATED Game – Dig Dug
DISKEX PIRATED Util – Disk Explorer Utility
DOSHELP.EXE PIRATED Util – This is really Central Point Software's PC-tools. One special note: There is usually a poorly written documentation accompanying this file. In the documentation ERIC HSU asks for a monetary contribution to his bbs. Well, it seems that this was a poor attempt to damage ERIC HSU's reputation; Eric is a legitimate SysOp in the Houston area.
DOSMENU PIRATED Util – INTECH'S DOSMENU - The Menu screen says "PC DOS MENU SYSTEM 5.0" Archive size is 208,240 - The copyright notice is on the bottom of the screen.
DOSSHELL PIRATED Util – AUTODEX again
DRL PIRATED Game – Avalon Hill's "Dnieper River Line."
DIPLOMCY PIRATED Game – Avalon Hill's "Computer Diplomacy" game.
EGADIAG PIRATED Util – Quadram EGA (Quad EGA+) diagnostics.
EINSTIME PIRATED Util – Another pirated IBM internal utility
EXPLORER.COM PIRATED Util – Quaid Software's Disk Explorer
EVOLUTIO PIRATED Game – Evolution
F15 PIRATED Game – F-15 Strike Eagle
FILEEASE PIRATED Util – Dos Utility
FILEMGR PIRATED Util – Really FILE MANAGER by Lotus Devel. Corp.
FILEMAN PIRATED Util – Also FILE MANAGER. The file is 10 KBytes
FINDIT PIRATED Util – IBM internal 'locate a file' utility
FSDEBUG PIRATED Util – IBM's Full Screen Debug program..
GOLDCUP PIRATED Game – Gold Cup championship soccer
GOLF21.ARC PIRATED Game – Golf's Best version 2.1
GREMLINS.COM PIRATED Game – Gremlins game
HARDHAT.COM PIRATED Game – Hard Hat Mack
HIGHORBT PIRATED Game – High Orbit (like Star Wars)
HOOP.COM PIRATED Game – One-on-1
ID PIRATED Util – Persyst Ram disk software
IBM21 PIRATED Game – 21c
IPLTIME.COM PIRATED Util – IBM Internal Use Clock utility
JBIRD PIRATED Game – Jbirds – Q-bert Game
JET PIRATED Game – Jet is a flight simulator
JETDRIVE.ARC PIRATED Util – JET Drive – copies files quickly
JOUST PIRATED Game – Joust. Be careful, there is a 6K version
KEYWORKS.ARC PIRATED Util – Keyworks macro program, usu. version 2.0
KONG PIRATED Game – Donkey Kong
LIGHTNIN PIRATED Util – Can be either the cache or spell checker
MACE+ PIRATED Util – Paul Mace's MACE+ utilities
MACROS PIRATED Util – Again Superkey, or even Prokey
MEDMAG.COM PIRATED Util – Quaid Software's Media Magician
MISSLEC PIRATED Game – Missile Command
MONTYS.COM PIRATED Game – Montezuma's Revenge
MOONBUGS PIRATED Game – Moon Bugs
MS PIRATED Util – IBM internal utility.
MTS PIRATED Util – IBM Multitasker that's similar to Double-Dos
MULTASK PIRATED Util – Same as MTS
MURDRBY# PIRATED Game – Murder by Numbers
MUSICCON PIRATED Misc – Music Construction Set
NFL.ARC PIRATED Game – Xor's NFL challenge.
NICE PIRATED Misc – A printer Controller
NODISK-A.COM PIRATED Util – Central Point software's Nokey.
NORTON.COM PIRATED Util – Peter Norton's Utilities!
NOVATRON PIRATED Util – Tron light cycles.
ONE-ON-1 PIRATED Game – One-on-1 basketball game.
PATHMIND PIRATED Util – Dos Shell
PC-POOL PIRATED Game – Really PC-POOL, commercial game
PC-TOOLS PIRATED Util – Central Point Software's PC-tools
PCBOSS PIRATED Util – Another Dos shell
PCED PIRATED Util – Pro CED, DOS command line editor
PEII PIRATED Util – IBM Personal Editor II
PINCONST PIRATED Game – Pinball Construction Set
POOL.ARC PIRATED Game – Same as PC-POOL
POPALARM.COM PIRATED Util – Part of POP DOS
POPDOS.ARC PIRATED Util – Pop up (resident) dos utilities.
PRIME PIRATED Util – Columbia Data Co. hard disk utility.
PROKEY PIRATED Util – Prokey macros program
PSHIFT PIRATED Util – really MEMORY SHIFT
PSRD.ARC PIRATED Util – IBM utility (redirects PrtSc)
QDOS PIRATED Util – Quickdos
QUCKDOS PIRATED Util – Quickdos
QIX PIRATED Game – The game.
RACTER PIRATED Game – Racter
RASTER-B PIRATED Game – Raster Blaster
RIGHTW PIRATED Util – Right Writer (writing style checker)
ROBOTRON PIRATED Game – Robotron, hacked to read PUBLIC DOMAIN BY ATARI. Don't pirates have any imagination?
ROGUE.EXE PIRATED Game – Game very similar to the PD game HACK.EXE
ROMANTIC PIRATED Game – Romantic Encounters at the Dome. Also RE.ARC
SEADRAG.ARC PIRATED Game – Sea Dragon
SEE PIRATED Misc – DeSmet editor
SFX PIRATED Util – really AUTODEX (again!)
SM.COM PIRATED Util – Realia's SPACEMAKER utility
SMAP PIRATED Util – IBM Internal utility, with the copyright notice blanked out and real author's name () replaced by "Dorn W. Stickle".
SPYHUNT PIRATED Game – Spy Hunter Game.
STARGATE.EXE PIRATED Game – Hacked to say "PUBLIC DOMAIN BY ATARI," but don't you believe it! Be careful not to confuse this 57 KB .EXE file with the public domain STARGATE MERCHANT game, which is a little 12 KB BASIC program by G. E. Wolfworth.
STRIPKR PIRATED Game – Strip Poker by Artworx
SUPERCAD PIRATED Misc – Easy CAD, a drawing program – LQR file size is 242,660 bytes
SUPERKEY PIRATED Misc – Superkey macro program
TEMPOFAP PIRATED Game – Temple of Apshai
THEQUEST.BAS/EXE PIRATED Game – The Quest
TIRES.EXE PIRATED Game – Again, really BC's Quest for Tires
TREASURE PIRATED Game – Pirate's Treasure game
ULTIII PIRATED Game – Ultima 3
UTILITY PIRATED Util – Norton's Utilities Arced and with the file names changed. When run, however, the programs display the copyright notice of Peter Norton. Many other pirated utilities could also go under the name UTILITY.
VOYAGERI PIRATED Game – (Avalon-Hill Game)
VS PIRATED Util – Also INTECH'S DOSMENU
WCKARATE PIRATED Game – World Championship karate by Epyx
WG-BBALL PIRATED Game – World's Greatest Baseball Game
WORSTR PIRATED Util – Word Star, labeled as a 'great new editor'
XDIR PIRATED Util – Pre-release version of DOS FILE TRACKER
XTREE PIRATED Util – IBM's tree utility, an IBM "Personally
ZAXXON PIRATED Game – Hacked (sound familiar?) to say "PUBLIC DOMAIN BY SEGA." Sorry, Charlie!
|MISCELLANEOUS ILLEGAL FILES:|
COPYWRIT MISC Patch – Although the real COPYWRITE is going around Bulletin Boards like fire, there is another illegal file under the same name. The former takes around 40 KB ARC-ed, whereas this takes about 2 KB. What I'm referring to is an archive of 1-3 files that explains how to remove the serial numbers from copywrite. Now it's all right to "unprotect" a program for backup purposes, but removing serial numbers can only lead to piracy.
LOCKPICK MISC Text – This is a text file, usually with a .TXT extension, that casually explains how to pick locks. I'm not sure whether this is illegal, but it's definitely in poor taste.
MONOPOLY MISC Game – The authors of all monopoly programs are, according to a fairly reliable source, being sued by Parker Brothers over copyright infringements. These files may become illegal soon, but as of this printing they are still legal.
MOVBASIC MISC Util – This highly illegal file breaks IBM copyright on BASIC and BASICA. What it does is create new files called SBASIC or SBASICA that run "IBM BASIC" on an IBM clone. Guys, don't you think that these clones don't run IBM BASICA for a good reason? The clones don't support BASICA because it's illegal!
XTALK MISC Patch – Like Copywrite, there is a patch circulating BBS's to remove the serial numbers from Crosstalk.
|Many thanks to generous, continuous update contributions from:|
|1. THE SOURCE information service.|
|2. Jim Harrington|
|3. Jim Golden|
This is the end of the "bad files list." The rest of this document contains instructions on what to do if YOU run a trojan horse, an update history, a glossary, and information on how and where to contact me with updates.
|If you run a trojan horse..|
While reading this, bear in mind that there is no better remedy for a drive that has run a trojan horse than a recent backup..
The first thing to do after running what you think to be a trojan horse is diagnose the damage. Was your [hard] drive formatted? Did the trojan scramble your FAT table? Did every file get erased? Did your boot sector on the [hard] drive get erased/formatted? Odds are that the trojan incurred one of these four disasters.. After the initial diagnosis, you are ready to remedy the problem.
1) If the trojan low-level formatted your [hard] disk: Hope that you have a recent backup; that's the only remedy for this disease.
2) If the trojan high-level formatted your [hard] disk: There is only one way out of this mess, and that is to use the MACE+ utilities by Paul Mace. MACE+ has two devices in it to recover formatted disks, and believe me, they work! I will talk more about the MACE+ utilities later.
3) If the trojan scrambled your FAT table: Once again, there is nothing to do. However, there is a program called FATBACK.COM (available on my board) that will back up your FAT table in under a minute to floppy. Using FATBACK, it is easy and non time consuming to back up your FAT regularly.
4) If the trojan erased file(s), and the FAT table is undamaged: There are many packages to undelete deleted files. Norton Utilities, PC-tools, MACE+, and UNDEL.COM will all do the job. I recommend the first three, but they are more expensive than the Public Domain program UNDEL.COM. When you are undeleting, be sure to undelete files in the order of last time written to disk. I know that PC-tools automatically lists undeletable files in the correct order, but the other three may not.
5) If the boot sector on your [hard] disk gets erased/formatted: There are four things to do if this happens, and the worst that can happen is that you will go without a [hard] disk for a while. To be on the safest side, back up everything before even proceeding to step "A," although I can not see why it would be necessary.
A) Try doing a "SYS C:" (or "SYS A:") from your original DOS disk, and copy COMMAND.COM back onto the [hard] drive after that. Try booting and if that doesn't work try step B.
B) If you have the MACE+ utilities go to the "other utilities" section and "restore boot sector." This should do the job if you have been using MACE+ correctly.
C) If you are still stuck, BACK EVERYTHING UP and proceed to do a low level format. Instructions on how to perform a low-level format should come with your [hard] disk controller card. Be sure to map out bad sectors using either SCAV.COM by Chris Dunford or by manually entering the locations of bad sectors into the low level format program. After the low level format, if you have a hard disk, run FDISK.COM (it comes with DOS) and create a DOS partition. Refer to your DOS manual for help in using FDISK. Then put your original DOS diskette in drive A: and do a FORMAT <drive letter>:/S/V. Drive letter can stand for "C" or "B" depending on whether you are reformatting a hard disk or not. Finally you are ready to attempt a reboot.
D) If you are still stuck, either employ some professional computer repairmen to fix your drive, or live with a non-bootable [hard] drive..
By now you may be saying to yourself:
"How can I get a hold of a 'MACE+' utilities package so that I can guard against trojans? Why, MACE+ can recover a formatted drive, undelete files, restore boot sectors, optimize a disk, and provide a disk cache!"
Anyone can obtain these marvelous utilities in one of two ways: one is to call up the Paul Mace Software Company ™ and order them at a retail of $79.95. The other is to place an order for them at the WEST LOS ANGELES PC-STORE, which supports next day UPS shipping! The BBS phone # for the PC-STORE is at the end of this document.
Version 1.0 Plans were drawn up for a "bad file" list and a dozen bad files were entered in the list.
Version 2.0 Saw the addition of a short introduction and 3 more files. All work up to here was done by Tom Neff.
Version 3.0 Here Tom Neff and I started collaborating on the Dirty Dozen. 22 files were added, and the introduction was completely re-written. Version 3.0 had a total of 37 files.
Version 4.0 By this time I totally took over responsibility of the DD, as Tom Neff lost interest. Another 30 or so files were added to the list, making the DD 65+ files strong, as well as a few more additions to the introduction.
Version 5.0 By the time I released version 5.0 to the public, the Dirty Dozen was being greeted favorably and with enthusiasm around the country. Updates started coming in with regularity; the list prospered (if one can say that about a list!). A few more paragraphs were added to the introduction, and about 40 new files were bringing the file total up to 103!
Version 6.0 The Dirty Dozen is now such a big project that I am now writing it in stages. Although I am going to make absolutely no effort to spread these "intermediate versions," they will always be downloadable from my board. This way if anyone so desires, they may keep an extremely current issue of the DD, although the changes will only be minor. You might think of stage "a" of issue #6 as version 6.1, stage "b" as version 6.2, stage "c" as version 6.3, etc.
New in version 6.0 is the following: A) Many minor revisions, B) 17 more files, bringing the total to 120! C) Two new paragraphs in the introduction, D) Instructions on how to recover from a trojan horse, E) A comprehensive glossary, F) This update history, G) An acknowledgments section set up for major contributors of information regarding new bogusware H) A new bogusware category of "miscellaneous illegal software."
Version 6.0a MOVBASIC.ARC and SBASICA added to the list of illegal files. as well as six Trojan horses have been added to the list.
Version 6.0c NOTROJ.COM added to the trojan horse list.
Version 6.0d DOG102A.COM added to the hacked files list. HACKED files separated from TROJAN files
Version 6.0e DANCERS.BAS added to the trojans list.
Version 6.0f 4 pirated files added, + NODISK-A and DMASTER to trojans
Version 6.0g NODISK-A removed from trojan horse list & placed into pirated programs list. Monopoly warning issued in misc section. Added a few pirated programs. + DPROTECT added as trojan.
Version 6.0h EMMCACHE and TIRED added to trojan list, + PEII added.
Version 6.0i Added TOPDOS to Trojan list, and AUTOMAXX to HACKED list.
Version 6.0j Added QUICKREF to trojans list. Revised introduction, and added a paragraph to the intro about modifying the DD.
Version 6.0k Moved paragraph about 'I'm not responsible for this list' to the front of the file for legal reasons. Also added the '*' convention for HACKED programs.
Version 6.0l Added FINANCE4 as a possible trojan. Added a few glossary definitions.
Version 7.0 The major changes in this version took place in the revision stages above. However, I still changed quite a bit in version 7.0 compared to 6.0 revision stage 'L;' for example, I added seventeen new pirated programs, bringing the file total to a whopping 165! Moreover, I rewrote virtually every paragraph in the dirty dozen in order to 'stylize' (clean up the writing in) the document. Once again I would like to thank all users who called in updates to the Dirty Dozen; those users are the people that encourage me to keep producing the dirty dozen!
I have intended this glossary for the beginning to intermediate user; all experienced BBS users will be bored to death with this.
?Q? – (? standing for any character). File extension for SQueezed files. Squeezed files are unusable until unsqueezed by a utility such as NUSQ.COM or USQ.COM. The advantage of a SQueezed file is that it is smaller than a regular UnSQueezed file, thus saving disk space and download time. ARChives are more efficient than Squeezed files; that's why there are so many more ARChives on BBS's these days. Example of the extensions of SQueezed files: .EQE, .CQM, .LQR, .TQT, .DQC, etc.
ABBRV – abbreviation for the word: "abbreviation"
ARC – File extension for an ARChive file – many files combined together to save space and download time that require ARC.EXE, PKXARC.COM, ARCE.COM, or ARCLS.EXE to separate the files in to runnable and readable (in the case of text) form.
BAS – abbrv for "BASIC," as in the programming language
BBS – abbrv for "Bulletin Board System"
BBS's – abbrv for "Bulletin Board Systems"
BOARD – Also "Bulletin Board System"
BOGUSWARE – software that is damaging to one or more parties
BOOT or REBOOT – to boot a computer is to restart it from scratch, erasing all TSR programs. One reboots by either powering off and then back on, or pressing ctrl-alt-del at the same time.
BYTES – Bytes measure the length of a file, with one byte equaling one character in a file.
CACHE [disk] – Area of memory set aside to hold recent data. All programs then read recent data from that memory rather than from disk.
CLUSTER – a physical block on all [hard] disks, composed of sectors, that
COM – file extension for a file that is executable from DOS level
DD – abbrv for "dirty dozen"
DOC – abbrv for "documentation"
EMS – Enhanced Memory Specification. An EMS card holds 2 MB extra mem.
EXE – file extension for a file that is executable from DOS level
HACKED – see "definitions" section
HIGH LEVEL FORMAT – This type of format is what most computer users view as a regular DOS-format. That is, formatting a disk using FORMAT.COM (included with DOS) is a high level format.
IBM – International Business Machines
IBM OR COMP – IBM computer or a 99% or greater IBM Compatible computer
KB – Abbreviation for "KiloBytes," one Kb equals 1024 bytes
LBR – Extension on Library files. Library files are really many combined files like ARChives, but they require different utilities to extract the individual files. Some examples of such utilities are LUU.EXE, LUE.EXE, LAR.EXE, AND ZIP.EXE. See "ARC"
LOW LEVEL FORMAT – This type of format is only executed on a hard disk, therefore most hard disk low-level format programs come only with a hard disk controller card. There are a few PD low-level formatting packages, though. Most manufacturers low-level format their hard drives at the factory. Low level formatting is the first step in the three part formatting process; the second step is to use FDISK, and the third is to execute a high level format.
MB – abbrv for "Megabytes," or "millions of bytes."
MISC – abbrv for "miscellaneous"
OPTIMIZE – to make all files on a disk "contiguous," or physically linked together on a [hard] drive.
PATCH – a file that is patched (combined) into another file to change the original file in some way
PD – abbrv for "Public Domain"
PIRATED – see DEFINITIONS section in this issue.
RAM – abbrv for "Random Access Memory." (memory used by software)
RBBS – abbrv for RBBS-PC, a type of BBS (Remote Bulletin Board System)
ROM – abbrv for "Read Only Memory." (memory used by hardware to boot)
SYSOP – SYStem OPerator of a BBS
*TROJAN* – see DEFINITIONS section in this issue.
TROJAN HORSE – see DEFINITIONS section in this issue.
TSR – abbrv for "Terminate, Stay Resident" Synonym = "Memory Resident"
TXT – abbrv for "text"
USU – abbrv for "usually"
UNP – abbrv for "unprotect"
UNPROTECT – an "unprotect file" is a patch file that results in the breaking of copy protection (no doubt for back up purposes).
UTIL – abbrv for "utility"
WORM – Trojan Horse
ZOO – All files compressed with ZOO.EXE bear this file extension. ZOO-compressed files are NOT compatible with ARC.EXE.
If you have any additions or corrections for this list, send them to Eric Newhouse at any of the following places: (in order of most frequented)
- The Crest RBBS (213-471-2518) (1200/2400) (80 MB)
[ This is my board ]
- The West LA PC-STORE (213-559-6954) (300/1200/2400) (50 MB)
- The Sleepy Hollow PCB (213-859-9334) (300/1200/2400) (108 MB)
- VOR BBS (415-994-2944) (300/1200/2400) (20 MB)
- The Source (leave E-mail to "Doctor File Finder" in IBM SIG #4)
Doctor File Finder (Mike Callahan) will relay your name
and update information to me.
End of file.