Shareware Overload

home *** CD-ROM | disk | FTP | other *** search

/ Shareware Overload / ShartewareOverload.cdr / utils / antivir1.zip / DD.8 < prev next >

Wrap

Text File | 1988-02-21 | 76KB | 1,454 lines

------------------------------------------------------------------ | | | THE DIRTY DOZEN -- An Uploaded Program Alert List | | | ------------------------------------------------------------------ | Issue #8: February 21, 1988 | | | | Revision stage 'A' | | | | Maintained by Eric Newhouse | | Originally by Tom Neff | ------------------------------------------------------------------ Recently, many unlawfully copied or modified programs have appeared on various IBM bulletin boards across the country. THE DIRTY DOZEN lists known examples. The author takes no responsibility for the validity or completeness of this list. Many sources contribute to the list, and it is very possible that one of the reported 'dirty' files works perfectly and is in the Public Domain. Also, users upload bad software to bulletin boards daily, and often times that bad software is not yet in this list. In other words, if you run a trojan horse that is not listed in here, please don't call my board to complain; rather, leave me a message so that I can place the destructive program in the next issue. If you are unsure whether a file is trojan, and it's not listed in here, then I recommend using a utility like BOMBSQAD.COM to prevent any mishaps. Bombsqad, available on my board, catches most trojan horses before they can damage your equipment. There are five major categories of bad software: commercial pirate jobs, unauthorized copies of otherwise legitimate freeware programs, malicious "TROJAN" programs which damage your system, "VIRII," which damage your and your friends' systems, and miscellaneous illegal software. Please look in the definitions section of this document for a more detailed explanation of these terms. SysOps: Please be careful with the files you post in your download libraries! A professional quality program should arouse your suspicions, especially if it doesn't include the author's name, address, and distribution policy. Such programs are probably NOT public domain! The BBS community is already under legislative threat at the State and Federal level. We cannot fight this trend effectively while our directories sit stocked with cracked games, virii, and malicious "trojan horses!" Let's demonstrate a little social responsibility by cleaning up our download libraries. If you as a SysOp have any of these files on your system, please delete them and post "blocking" dummy file entries like this one: ZAXXON.COM DELETED!! NOT PUBLIC DOMAIN!! By working together to fight this new brand of software, perhaps we can eliminate BBS pirates, trojan horse writers, and legislation aimed at regulating BBS's. The "Dirty Dozen" aims to bring this important issue to the attention of more SysOps and users - to act as an information "clearing-house" for the latest known examples of "bogusware." Using information gleaned from the Dirty Dozen, an educated public can fight effectively for safe downloadable files. The Dirty Dozen needs your help to succeed! Please call in any updates of bad software that you know of, but DO NOT modify this article yourself. If everyone who discovers a pirated program starts modifying the DD, there would be hundreds of issues in circulation. If you have an update, please see the end of this article for information on how to reach me with new information. In addition, I would like to publicly apologize to Mr. Gerhard Barth. In previous issues, I criticized him for distributing a modified version of the dirty dozen. Thanks to a few messages from Karl Brendel, I now know that Gerhard runs a fine well maintained bulletin board that maintains copies of the true dirty dozen. Gerhard, I'm sorry for any hassles I may have caused you. One can be sure of only one thing about hard disks, and that is that they will crash. Often times a user will blame a program for a hard disk failure when in fact his problem lies in his/her hardware. Remember, a Trojan rumor is much easier to START than it is to STOP. Some people have accused legitimate *joke* programs, such as DRAIN.COM (which pretends to be gurgling excess water out of your A drive) of erasing their hard drive. If a program locks up your system, it isn't necessarily Trojan; it might not like co-residing with your graphics card or some TSR's. Ask other users about the program in question before you dennounce it as Trojan. Run the program again (on your empty drive) to confirm its malicious intent. In short, make 100% sure that the program is trojan before ruining the author's reputation. Also, I would appreciate a bagged specimen of any real Trojan program that you might have the (un)luck to find. A user of mine has notified me that some pirates have patched HARDHAT.COM and PANGO.COM to read "cracked by Eric Newhouse." This is ridiculous! Please disregard any programs that you may come across in the future advertising "copy protection busted by Eric Newhouse." Pirates are simply trying to discourage me from publishing this list. Recently someone asked me why pirates don't rename commercial files inorder to fool SysOps. They do! For example, AUTODEX circulates under many different names. Although I will try to keep all of these names current in the DD, the best way to check for piracy in a file is to run that file yourself. Check for (C)opyright notices of commercial manufactures, similarities in the cosmetics and operations of commercial programs, and of course whether the name or filesize is in this list. Finally I want to thank all BBS SysOps and users that have sent me updates, additions, and/or corrections to DIRTYDOZ.007. It's great to see so much support! In this issue more people than ever called in with updates. Everyone else who reads this list, along with myself, really appreciates the effort! DEFINITIONS: *VIRUS* (V) BEWARE!! Especially prevalent in universities and corporal computers, computer virii can wreak havoc. They, like biological virii, attack slowly, originating on one computer and proliferating with time. Virii infect a portion of a computer, usually the operating system. Most virii modify floppy disks (that may or may not be transported to other computers), adding diabolical code that instruct other computers to replicate the virii for still more computers. In other words, the floppies become virii themselves; they can be passed around to other people to create more virii. Virii can be programmed to sit dormant for months before acting, just like some biological virii (AIDS comes to mind). Users can unwittingly replicate a virus many times. If people know how to spot virii, however, they can usually prevent damage. Virii generally add their code to COMMAND.COM, IBMBIO.COM, or IBMSYS.COM. These three files, which DOS places on every system disk, are the only files copied to other disks and run on other machines often enough to do any damage. If you see the filesizes on these files change, beware a virus! Your computer provides a small line of defense against Virii already! IBMBIO.COM and IBMSYS.COM are READ-ONLY files; that is, only a very sophisticated virus can add code to them. COMMAND.COM, however, is NOT read only. Therefore, I advise that EVERYONE make their COMMAND.COM read-only using a utility program such as FILEATTR.COM (available on my board in ARC format), or PC-Tools. This will give COMMAND.COM some basic protection, and since few people ever write to their command processor, this process should not cause any undue hassles. Keep in mind, though, that if you ever want to upgrade your version of DOS you will have to change COMMAND.COM back to a regular (not read-only) file. For further information on Virii, everyone may download VIRUS.ARC from my board. *TROJAN* (T) These programs PURPOSEFULLY damage a user's system upon their invokation. They almost always will shoot to disable hard disks, although they can destroy other equipment too. It is IMPERATIVE that you let me know about any new examples of these that you find. There are more than one way a TROJAN can disable your hard disk. For a comprehensive list of examples, please skip to "What to do if you run a trojan horse" later in this document. HACKED (H) An unlawfully modified copy of an otherwise legitimate public domain or user-supported program. It is illegal to distribute a modified copy of someone else's work without their permission! All modified programs must contain this permission, either in the program's display or documentation. *CAUTION* (C) Programs labeled in this manner may or may not be trojans; the question is unresolved. Use caution when running these programs! PIRATED (P) This is an illegal copy of a commercial, copyrighted program. Examples: a cracked (de-protected) game, a compiler, editor or other utility, or a Beta test copy of a program under development. In the latter case, the program in question may never make it to market due to the piracy! In the case of games, there's a tendency for the pirate to patch a clumsy "PUBLIC DOMAIN" notice over top of the original copyright. ZAXXON.COM is a prime example. MISC (M) This is miscellaneous illegal software and/or text. The best definition, aside from that, that I can think of is that it's NOT pirated software. NOTE: If I do not supply a file extension, that means that the file circulates under many different extensions. For instance, users commonly upload with extensions of either: .EXE, .COM, .EQE, .CQM, .LBR, .LQR, and .ARC. ------------------------------------------------------------------ | VIRII | ------------------------------------------------------------------ Name Size Category Notes ------------- ------ - ----------------------------------------- ????????.??? ?????? V There is a virus that was circulating around Bitnet in December that advertises "great Christmas graphics;" in fact the program replicates as many copies of itself as it can, tying up large systems (ie. Bitnet). *.EXE, *.COM ANY V Any of your executable files may contain a virus in it. Don't Panic, though; this virus is detectable! If you have an infected file, it will increase the size of all other .EXE files run thereafter by 1808 bytes and all .COM files by 1813 bytes upon invocation. Now you know how to recognize this virus. Be sure to look out for it, because the symptoms it creates are very nasty. The virus increases the size of .EXE files repeatedly - not just once. While this is a boon in recognizing the virus, it also means that eventually all affected .EXE files will become to large to fit in memory. The virus also slows down computers by as much as 500% after it has spread. Watch for this symptom! Perhaps most deadly, on any Friday the 13th, this virus will erase AT LEAST all .EXE and .COM files that you run, and AT WORST your whole disk. The next Friday the 13th is May 13, 1988. COMMAND.COM ????? V This is a traditional Virus. Originating in colleges and universities accross the nation, this virus will embed itself in COMMAND.COM. Once there it will copy itself onto FOUR floppies before scrambling your FAT and initiating a format. Beware! In one known instance, the virus does NOT change the filesize of COMMAND.COM, but it does change the date. QMDM31B.ARC ?????? V The latest official release of Qmodem, as of this writing, is 3.1a. This version, which is less than 1 KB bigger than the Archive for 3.1a, will add 17 bytes to your IBMBIO.COM file. Beware; while I don't know how this virus works, I do know that there's NEVER any reason to add 17 bytes to IBMBIO.COM. Note: IBMBIO.COM is a READONLY file. In other words, here is the first trojan that can write past a "write protect;" this virus acts when it theoretically shouldn't be able to. ------------------------------------------------------------------ | TROJAN HORSE PROGRAMS: | ------------------------------------------------------------------ Name Size Category Notes ------------- ------ - ----------------------------------------- 123JOKE T This so-called utility for Lotus 123 rewrites [hard] disk directories. ANTI-PCB T The story behind this trojan horse is sickening. Apparently one RBBS-PC sysop and one PC-BOARD sysop started feuding about which BBS system is better, and in the end the PC-BOARD sysop wrote a trojan and uploaded it to the rbbs SysOp under ANTI-PCB.COM. Of course the RBBS-PC SysOp ran it, and that led to quite a few accusations and a big mess in general. Let's grow up! Every SysOp has the right to run the type of BBS that they please, and the fact that a SysOp actually wrote a trojan intended for another simply blows my mind. ALTCTRL.ARC T This program reputedly trashes boot records. Other than that, I know nothing about it. ARC513.EXE T This hacked version of SEA's ARC.EXE appears normal. However, it writes over track 0 of your [hard] disk upon usage, destroying the disk's boot sector. ARC514.COM T This is completely similar to arc version 5.13 in that it will overwrite track 0 (boot sector) of your hard disk. Also, I have yet to see an .EXE version of this program.. BACKALLY.COM 64512 T This sophisticated trojan will axe your FAT table after a couple of months of usage. Beware the delayed trojan! Backally MAY only work on floppy disks, but that sounds unlikely. Debug has shown that BACKALLY formats a track at one point as well as reading in the amount of freespace on your disk. It may only wipe out full disks, like NOTROJ. Please, be wary! An included .BAT file comes with a request for donations to "SomeWare" located in Frederickburg, VA. Look out for other products from SomeWare! BACKTALK T This once beneficial utility will write/destroy sectors on your [hard] disk drive. Use this with caution if you acquire it, because it's more than likely that you got a bad copy. CDIR.COM T This program supposedly gives you a color directory of files on disk, but it in fact scrambles your disks FAT table. COMPRESS.ARC T This trojan, dated April 1, 1987, destroys FAT tables. COMPRESS is executed from a file named RUN-ME.BAT and is advertised as a 'Shareware 'ARC' from Borland!' DANCERS.BAS T This trojan shows some animated dancers in color, and then proceeds to wipe out your [hard] disk's FAT table. There is another perfectly good copy of DANCERS.BAS on BBS's around the country; apparently the author altered a legitimate program to do his dirty work. DEFENDER.ARC T This trojan both writes to ROM bios and formats [hard] disks. The Duplicators claim credit for this trojan; be ware of other products by them. Also, do not confuse this trojan with DEFENDER by Atari. The latter is a pirated program. DISCACHE.EXE T This program uses direct BIOS routines to write to disk. Apparently, those BIOS routines will scramble your FAT table. Please see DISCACHE.WNG, a file that I'm looking for myself, for more information. DISKSCAN.EXE T This was a PC Magazine program to scan a [hard] disk for bad sectors, but then a joker edited it to WRITE bad sectors. Also look for this under other names such as SCANBAD.EXE and BADDISK.EXE... DMASTER T This is yet another FAT scrambler.. DOSKNOWS.EXE T I'm still tracking this one down -- apparently someone wrote a FAT killer and renamed it DOSKNOWS.EXE, so it would be confused with the real, harmless DOSKNOWS system-status utility. I'm pretty sure that sure is that the REAL DOSKNOWS.EXE is 5376 bytes long. If you see something called DOSKNOWS that isn't close to that size, sound the alarm. More info on this one is welcomed -- a bagged specimen especially. The malicious DOSKNOWS contains the string "Ouch! Dos refused to tell me! Sob, sob, sob." DPROTECT T Apparently someone tampered with the original, legitimate version of DPROTECT and turned it into a FAT table eater. DROID.EXE 54272 T This trojan appears under the guise of a game. You are supposably an architech that controls futuristic droids in search of relics. In fact, the program copies C:\PCBOARD\PCBOARD.DAT to C:\PCBOARD\HELP\HLPX if PC-Board SysOps run it from C:\PCBOARD EGABTR T BEWARE! Description says something like "improve your EGA display," but when run it deletes everything in sight and prints "Arf! Arf! Got you!" ELEVATOR.ARC T This poorly written trojan suggests in the documentation that you run it on a floppy. If you do not run it on a floppy, Elevator chastises you for not reading the documentation. Regardless of what disk you run it on, Elevator will erase your files. It MAY format disks too; be careful. One more interesting point to note: my name is plastered all over this program; the writers attempt to lay the blame for this trojan on me. EMMCACHE ???? C This program is not exactly a trojan, V. 1.0 but it may havethe capability of destroying hard disks by: A) Scrambling every file modified after running the program, B) Destroying boot sectors. This program has damaged at least two hard disks, yet there is a base of happily registered users. Therefore, I advise extreme caution if you decide to use this program. FILER.EXE T One SysOp complained a while ago that this program wiped out his 20 Megabyte HD. I'm not so sure that he was correct and/or telling the truth any more. I have personally tested an excellent file manager also named FILER.EXE, and it worked perfectly. Also, many other SysOp's have written to tell me that they have like me used a FILER.EXE with no problems. If you get a program named FILER.EXE, it is probably allright, but better to test it first using some security measures. FINANCE4.ARC ?????? C This program is not a verified trojan, but there is a file going around BBS's warning that it may be trojan. In any case, execute extreme care with it. FUTURE.BAS T This "program" starts out with a very nice color picture (of what I don't know) and then proceeds to tell you that you should be using your computer for better things than games and graphics. After making that point it trashes your all of your disk drives, starting with disk A:. Not only does Future scramble FATs, but it also erases files. As far as I know, however, it erases only one sub-directory tree level deep, thus hard disk users should only be seriously affected if they are in the "root" directory. More information about this is especially welcome. MAP T This is another trojan horse written by the infamous Dorn W. Stickle. I believe that there are legitimate MAP.EXEs floating around. NOTROJ.COM T This "program" is the most sophisticated trojan horse that I've seen to date. All outward appearances indicate that the program is a useful utility used to FIGHT other trojan horses. Actually, it is a time bomb that erases any hard disk FAT table that IT can find, and at the same time it warns: "another program is attempting a format, can't abort!" After erasing the FAT(s), NOTROJ then proceeds to start a low level format. One extra thing to note: NOTROJ only damages FULL hard drives; if a hard disk is under 50% filled, this program won't touch it! If you are interested in reading a thorough report on NOTROJ.COM, James H. Coombes has written an excellent text file on the matter named NOTROJ.TXT. If you have trouble finding it, you can get it from my board. TIRED T Another scramble the FAT trojan by Dorn W. Stickle. TSRMAP T This program does what it's supposed to do: give a map outlining the location (in RAM) of all TSR programs, but it also erases the boot sector of drive "C:". PACKDIR T This utility is supposed to "pack" (sort and optimize) the files on a [hard] disk, but apparently it scrambles FAT tables. PCLOCK T This program reputedly destroys FAT tables! Be careful! Also, please bear in mind that there are more than one PCLOCK programs in circulation, so please don't confuse the trojan program with a legitimate one. Simply excercise EXTREME caution when running a NEW PCLOCK program. PCW271xx.ARC T A modified version of the popular PC-WRITE word processor (v. 2.71) has now scrambled at least 10 FAT tables that I know of. If you want to download version 2.71 of PC-WRITE be very careful! The bogus version can be identified by its size; it uses 98,274 bytes wheras the good version uses 98,644. For reference, version 2.7 of PC-WRITE occupies 98,242 bytes. PKX35B35.EXE T As of this writing, Phil Katz (author of PKXARC) has verified that version 35A35 is the latest version of his ARChive extractor. This phony PKXARC scrambles FAT tables. QUIKRBBS.COM T This Trojan horse claims that it can load RBBS-PC's message file into memory 200% faster than normal. What it really does is copy RBBS-PC.DEF into an ASCII file named HISCORES.DAT... QUIKREF T Little is known about this trojan, other than it scrambles FATS RCKVIDEO T This is another trojan that does what it's supposed to do, then wipes out hard disks. After showing some simple animation of a rock star ("Madonna," I think), the program erases every file it can lay it's hands on. After about a minute of this, it will create 3 ascii files that say "You are stupid to download a video about rock stars," or something of the like. SCRNSAVE.COM C I know nothing about this program, but a user of mine reports that it erases HD's. SECRET.BAS T BEWARE!! This may be posted with a note saying it doesn't seem to work, and would someone please try it. If you do try it, however, it will format your disks. SEX-SNOW.ARC T This trojan deletes all of the files in your directory and creates a gloating message using those filenames. Ugly. SIDEWAYS.COM T Be careful with this trojan; there is a perfectly legitimate version of SIDEWAYS.EXE circulating. Both the trojan and the good SIDEWAYS advertise that they can print sideways, but SIDEWAYS.COM will trash a [hard] disk's boot sector instead. The trojan .COM file is about 3 KB, whereas the legitimate .EXE file is about 30 KB large. STAR.EXE T Beware RBBS-PC SysOps! This file puts some stars on the screen while copying RBBS-PC.DEF to another name that can be downloaded later! STRIPES.EXE T Similar to STAR.EXE, this one draws an American flag (nice touch), while it's busy copying your RBBS-PC.DEF to another file (STRIPES.BQS) so Bozo can log in later, download STRIPES.BQS, and steal all your passwords. Nice, huh! SUG.ARC T Words can not express my feelings about this trojan. SUG.ARC advertises that it can break SOFTGUARD copy protection, but upon invocation, it will scramble the FAT's on drive A, B, C, and onwards to your higest drive. While this is certainly a nasty trojan, it is particularly repulsive because Softguard Corp, the creators of Softguard copy-protection, wrote it - perhaps in response to declining business. They claim that anyone who runs SUG is breaking an original license agreement; therefore they may legally destroy data. I don't credit this, and neither does an attorney I know, so I eagerly anticipate Softguard's day in court. TOPDOS T This is a simple high level [hard] disk formatter. Do not confuse this with the pirated TOPDOS.COM. VDIR.COM T This is a disk killer that Jerry Pournelle wrote about in BYTE Magazine. I have never seen it, but two users of mine have. VISIWORD.ARC C A user of mine called this trojan in complaining that it destroyed his hard disk. Other than that, I know nothing about this program. ------------------------------------------------------------------ | HACKED PROGRAMS: | ------------------------------------------------------------------ | | | '*' = not verified by program's author | | | ------------------------------------------------------------------ ARC.COM H Someone keeps running SPACEMAKER or a similar EXE squeezer on SEA, Inc.'s ARC archive program, then uploading the resulting COM file to BBS's without the author's permission. SEA will NOT support the COM version, for they definately do not allow modifying ARC.EXE in their license agreement. AUTOMAXX.ARC C This DOS menu-making program comes with documentation that Marshall Magee, author of the popular AUTOMENU program, contends is plagiarized. Marshall believes that the AUTOMAXX documentation uses exact phrases from his documentation, and if this is the case, AUTOMAXX is clearly illegal. However, as I understand it, the courts are currently deliberating on the case, so AUTOMAXX is not currently illegal. of today. For more information, please contact Marshall Magee at (404) 446-6611. DOG101A.COM * C This may be hacked; keep an eye out for it as well as DOG102A.COM. DOG102A.COM * H Apparently this is a renamed early version of DP102A.ARC, a disk optimizer. One person has reports that it trashes hard disks that use DOS 3.1 (2KB clusters). LIST60 H Vern Buerg's LIST 5.1, patched to read 6.0. Mr. Buerg has released a legitimate version 6.0 of LIST. Every legit. version will have a letter in the filename (e.g. LIST60H.ARC) LIST799 H Vern Buerg's LIST 5.1, patched to read 7.99. QMDM110.ARC H This is version 1.09 of Qmodem patched to read 1.10. There have been rumors of a worm in 1.10, but I have seen no evidence of it. Other versions are OK. ------------------------------------------------------------------ | PIRATED PROGRAMS: | | | | | | TYPES: | | Game (G) -- Recreational Software, usually high Quality | | Util (U) -- a disk, screen, or general utility | | Misc (M) -- Miscellaneous (not a game or utility) | ------------------------------------------------------------------ Note: While close to 98%-99% of BBS's that I've seen do NOT distribute pirated files, the small minority that do slander the reputations of honest SysOp's nationwide. Unfortunately, 1%-2% of thousands of BBS's is a sizable number. Over the last couple of years this 1%-2% has distributed so many files that even the most conscientious SysOp can hardly hope to recognize all commercial software. You may ask: "How can we fight piracy, then?" SysOp's and users alike must search ALL programs for signals that can reveal a program as commercial. Look for Copyright signs. Suspect good games with sparse if any documentation. If you notice that a program is pirated, calmly inform your local SysOp's of the menace. In order to beat piracy, we must communicate! Name Size Category Notes ------------- ------ -- ---------------------------------------- 1DIR.COM PU "The ONE Dir": DOS shell. 21C.EXE PG Blackjack, copyright by IBM ACUPAINT.ARC 148221 PM PC Paint AFOX.ARC PG Artic Fox by Electronic Arts ALLEYCAT.COM PU "Alley Cat" - CGA ALTEREGO.ARC 45???? PG Alter Ego game from Activision ARCHON.COM PG Electronic Art's Archon. ARTOFWAR PG Ancient Art of War by Broderbund AUTODEX PU AUTODEX, file manager AXX.EXE PU Also AUTODEX B1-BOMB PG Avalon Hill's B1 Bomber BATTLE PG Battle Zone BBCHESS PG Blues Box Chess BC-QUEST PG Bc's Quest for Tires BIGMAC.ARC PU Borland's Superkey BORDERZO.ARC 205824 PG Infocom's Borderzone BORROWED.ARC PG Borrowed Time BRUCELEE PG Bruce Lee BUCK PG Buck Rogers on Planet Zoom BURGER PG Burgertime BUSHIDO PG Karate Game by a manufacturer in Canada. BUZZBAIT PG Buzzard Bait CALL2ARM PG Call to Arms CENTIPED PG Be careful with this one. At least two other legitimate, PD copies of Centipede are in circulation. The pirated one is supposedly PUBLIC DOMAIN BY ATARI. Yeah, Right. CMASTER.ARC PG Chess Master 2000 by Electronic Arts COMMANDR.ARC PG Norton Commander COSMIC PG Cosmic Crusaders COPYRITE PU Quaid Software's COPYWRITE COPYWRIT PU Quaid Software's COPYWRITE again COSMIC PG Cosmic Crusaders again CROSFIRE.COM PG Crossfire CRUSH-CC.ARC PG Crush, Crumble & Chomp DAMBUST.ARC PG Dambusters by Accolade cracked DEB88.EXE PM DeSmet 'C' debugger DECATH PG Microsoft's Decathalon DEFENDER PG Defender, by Atari DIGDUG.COM PG Dig Dug, also by Atari DIGDUG.COM PG Dig Dug again DISKEX PU Quaid's Disk Explorer DOSHELP.EXE PU This is really Central Point Software's PC-tools. One special note: poorly written documentation usually accompanies this file. In the documentation ERIC HSU asks for a monetary contribution to his bbs. Well, It seems that this was a poor attempt to damage ERIC HSU's reputation; Eric is a legitimate SysOp in the Houston area. DOSMENU.ARC 208240 PU INTECH'S DOSMENU - Opening screen says "PC DOS MENU SYSTEM 5.0." - (C) is on the bottom of the screen. DOSSHELL PU Autodex again DRL PG Avalon Hill's "Dnieper River Line." DIPLOMCY PG Avalon Hill's "Computer Diplomacy" game. EGADIAG PU Quadram EGA (Quad EGA+) diagnostics. EINSTIME PU IBM internal utility EXPLORER.COM PU Quaid Disk Explorer again EVOLUTIO PG Evolution F15 PG F-15 Strike Eagle FALCON.ARC PG Falcon by Spectrum Holobyte - flight sim FIGHTER.ARC PG Sublogic's JET FILEEASE PU A File manager FILEMGR PU Filemanager by Lotus Devel. Corp. FILEMAN.COM 1???? PU Also Filemanager FINDIT PU IBM internal 'locate a file' utility FSDEBUG PU IBM's Full Screen Debug program.. GOLDCUP PG Gold Cup championship soccer GOLF21.ARC PG Golf's Best version 2.1 GREMLINS.COM PG Gremlins HARDHAT.COM PG Hard Hat Mack HIGHORBT PG High Orbit (like Star Wars) HOOP.COM PG One-on-1 by Electronic Arts ID PU Persyst Ram disk software IBM21 PG 21c again IKARI.ARC 210944 PG Ikari Warriors - CGA/EGA, joystick reqd. IPLTIME.COM PU IBM Internal Clock utility JBIRD PG Jbirds -- Q-bert Game JEOPARDY 195??? PG Jeopardy, the game show. JET PG Jet JETDRIVE.ARC PU Jet Drive -- copies files quickly JOUST PG Joust. There is a 6K, PD version KEYWORKS.ARC PU Keyworks macro program, usu. version 2.0 KOBAYASH.ARC PG Star Trek -- The Kobayashi Alternative KONG PG Donkey Kong LIGHTNIN PU Can be either the cache or spell checker MACE+ PU Paul Mace's MACE+ utilities MACROS PU Again Superkey - sometimes Prokey MEDMAG.COM PU Quaid Software's Media Magician MINER49R.ARC PG Miner '49er MISSLEC PG Missle command MONTYS.COM PG Montezuma's Revenge MOONBUGS PG Moon Bugs MS PU IBM utility. MTS PU IBM Multitasker like Double-Dos MULE PG M.U.L.E -- players is on alien planet MULTASK PU MTS again MURDRBY# PG Murder by Numbers by Electroni Arts MUSICCON PM Music Construction Set, also by EA NFL.ARC PG Xor's NFL challenge. NGHTSTLK PG Night Stalker NICE PM NicePrint - printer controller NODISK-A.COM PU Central Point software's Nokey NORTON.COM PU Peter Norton's Utilities ANORTON.ARC PU Peter Norton's Advanced Utilities NOVATRON PU Tron light cycles ONE-ON-1 PG One-on-1 basketball game, again PATHMIND PU Pathminder, Dos Shell PC-POOL PG Pool PC-TOOLS PU Central Point Software's PC-tools PCBOSS PU DOS shell PCED PU Pro CED, DOS command line editor EII PU IBM Personal Editor II PINCONST PG Pinball Construction Set by EA POOL.ARC PG PC-POOL again POPALARM.COM PU Part of POP DOS POPDOS.ARC PU TSR DOS utilities PRIME PU Columbia Data Co. hard disk utility. PROKEY PU Prokey macros program PROMPRPH PG Star Trek -- The Promethian Prophesy PSHIFT PU Memory Shift PSRD.ARC PU IBM utility (redirects PrtSc) QDOS PU Quick DOS QUCKDOS PU Quick DOS QIX PG Qix RACTER PG Racter RASTER-B PG Raster Blaster RE.ARC PG Romantic Encounters at the Dome RIGHTW PU Right Writer (writing style checker) ROBOTRON PG Robotron, hacked to read PUBLIC DOMAIN BY ATARI. Do pirates have any imagination? ROGUE.EXE PG Game very similar to the PD: HACK.EXE ROMANTIC PG Romantic Encounters at the Dome, again SEADRAG.ARC PG Sea Dragon SEE PM DeSmet editor SFX PU Autodex (again!) SKYRUNER PG Sky Runner, $14.95 game. SM.COM PU Realia's Spacemaker utility. .EXE->.COM SMAP PU IBM Internal utility, with the copyright notice and real author's name replaced by "Dorn W. Stickle". SNIPER PG Sniper -- arcade action type game. SOLOFLT.ARC PG Solo Flight (by SSI?) cracked SPYHUNT PG Bally's Spy Hunter STARFLIT.ARC 30???? PG Electronic Art's Star Flight STARGATE.EXE 57??? PG Hacked to say "PUBLIC DOMAIN BY ATARI," but don't you believe it! Be careful not to confuse this arcade game with the public domain STARGATE MERCHANT game, which is a little 12 KB BASIC program by G. E. Wolfworth. STRIPKR PG Strip Poker by Artworx SUBCMDR.ARC PG Gato cracked: SUBCMDR.EXE & overlays SUPERCAD PM Easy CAD SUPERCAD.LQR 242660 PM Easy CAD again. SUPERKEY PM Superkey again TEMPOFAP PG Temple of Apshai THEQUEST.BAS/EXE PG The Quest TIRES.EXE PG Bc's Quest for Tires again TREASURE PG Pirate's Treasure TROJAN.ARC 304128 PG Trojan - CGA/EGA, (C) 1987, like D&D. TWIN.ARC 22784 PU Central Point's Copy II PC TWINCOPY.ARC 22784 PU Also Copy II PC ULTIII 111616 PG Origin's Ultima 3 ULTIMA2.ARC 84992 PG Origin's Ultima 2 UTILITY PU Norton's Utilities Arced and with the file names changed. When run, however, the programs display the copyright notice of Peter Norton. Many other pirated utilities could also go under the name UTILITY. VOYAGERI PG Avalon-Hill Game VS PU Also INTECH'S DOSMENU WCKARATE PG World Championship Karate by Epyx WG-BBALL PG World's Greatest Baseball Game by SSI WGAMES PG World Games by Epyx WOF.ARC PG Wheel of Fortune WORSTR PU Word Star XDIR PU Pre-release version of DOS FILE TRACKER XTREE PU DOS shell XTREE+ PU Xtree Plus ZAXXON PG Hacked to say "PUBLIC DOMAIN BY SEGA." (sound familiar?) ------------------------------------------------------------------ | MISCELLANEOUS ILLEGAL FILES: | | | | TYPES: | | Game (G) -- Recreational software | | Patch (P) -- Modification to another program usually | | performed through debug. | | Text (T) -- Text / Documentation File | | Util (U) -- Utility of some sort | ------------------------------------------------------------------ Name Size Category Notes ------------- ------ -- ---------------------------------------- COPYWRIT 2??? MP Although the real COPYWRITE is going around Bulletin Boards like fire, there is another illegal file under the same name. The former takes around 40 KB ARC-ed, whereas this takes about 2 KB. What I'm referring to is an archive of 1-3 files that explains how to remove the serial numbers from copywrite. Now it's allright to "unprotect" a program for backup purposes, but removing serial numbers can only lead to piracy. LOCKPICK MT This is a text file, usually with a .TXT extension, that casually explains how to pick locks. This is not illegal, but it's definitely in poor taste. It could be used as evidence against a burglar, though. MONEY.ARC MT This text file claims that with minimal MONEY.TXT 11648 effort YOU can become a millionaire. This text file, as some of you may know, is simply another chain (pyramid) letter that is of course illegal. A pyramid writer sends a letter to four people requesting money. Then, according to the pyramid writer's plan, those four will send letters to four more asking for money for themselves and the original writer. Unfortunately when the chain breaks people lose money. What one person gains someone else must lose. That's why this type of letter is illegal. MONOPOLY MG Finally I am SURE that this file violates Parker Brother's rights to the famous boardgame. Don Gibson has agreed that monopoly should NOT be distributed anymore, so SysOps, please remove this file from your download directories. MOVBASIC or MU This highly illegal file breaks IBM's SBASICA or copyright on BASIC and BASICA. It SBASIC creates new files called SBASIC or SBASICA that run "IBM BASIC" on an IBM clone. C'mon, don't you think that these clones don't run IBM BASICA for a good reason? The clones don't support BASICA because it's illegal! This file comes with Alloy's PC-Slave card. Alloy has a license agreement, and users of the PC-Slave are allowed to create copies of IBM BASIC for themselves. NO ONE ELSE IS. Stop complaining that this file is legal, people; this is one of the more blatent cases of piracy that I've seen. PCOTHELO.ARC CMG Based on the Monopoly case, I expect this is probably illegal too. In fact, every copyrighted board game on BBS's is probably illegal. XTALK MP Like Copywrite, there is a patch circulating BBS's to remove the serial numbers from Crosstalk. ------------------------------------------------------------------ | Many thanks for updates to version 8.0 from: | ------------------------------------------------------------------ | | | 1. John Abolins | | 2. Randall Splinter | | 3. Mike Topf | | 4. John White | | 5. Gary Thomas | | 6. Bob Ackerman | | 7. Nich Sochs | | 8. Don Gibson | | 9. Russ Goodwin | | 10. You? | ------------------------------------------------------------------ This is the end of the "bad files list." The rest of this document contains instructions on what to do if YOU run a trojan horse, an update history, a glossary, and information on how and where to contact me with updates. ------------------------------------------------------------------ | If you run a trojan horse.. | ------------------------------------------------------------------ While reading this, bear in mind that there is no better remedy for a drive that has run a trojan horse than a recent backup.. AARGH! Perhaps your hard disk sounds like a sick moose. Perhaps your drive light starts flashing repeatedly, like a police car's lights. Perhaps your drive just sits in the computer, and the computer doesn't acknowledge its presence. Having watched my drive crash many times, I can understand the frustration you will feel after your hard disk conks out. While a faulty hard drive, disk controller, or cable can make these ailments uncurable without spending a lot of money, usually you CAN recover from a trojan horse with only investing a little time. After running a trojan horse, the first thing to do is calm down. Face the situation stoicly; it may prevent your hair from turning gray. Diagnose the damage. Was your [hard] drive formatted? Did the trojan scramble your FAT table? Did it erase every file? Did it erase or format your [hard] drive's boot sector? The odds are that the trojan incurred one of these four disasters.. After a successful diagnosis, you are ready to remedy the problem. 1) If the trojan low-level formatted your [hard] disk: Hope that you have a recent backup; that's the only remedy for this disease. 2) If the trojan high-level formatted your [hard] disk: About a year ago Paul Mace introduced a way to recover formatted data. Unfortunately, most programs can only recover formatted data COMPLETELY if you run a "snapshot" program right before the format. The reason: DOS fragments large files and without an accurate map of the formatted disk, unformatters have problems dealing with such files. You will need one of these three programs to recover your disk if the trojan formatted it: 1. PC-Tools (Central Point, $79.95 retail) 2. Mace+ Utilities (Paul Mace $99.95 retail) 3. Advanced Norton Utilities (Peter Norton, $150.00 retail) There is at least one other program that can unformat disks, but the name of it is slipping my mind. As of this printing, PC-Tools probably has the best unformatter. It can reputedly reconstruct formatted disks regardless of the disks state of fragmentation. PC-Tools may not be right for your other disk management needs, however, so you should talk to a salesmen about these products before making a purchase. 3) If the trojan scrambled your FAT table: Sector editors such as those included in the Norton Utililites, PC-Tools, and a host of other popular utility packages (not Mace+) allow experienced users to piece their FAT backtogether from Gibberish. This avenue of recovery is only open to extremely proficient users, however. Everyone else, including myself, must rely on a FAT backup program to provide a feeling of security. FATBACK.COM (available on my board) will back up your FAT table in under a minute to floppy. FATBACK makes FAT backup easy and non time consuming. 4) If the trojan erased file(s), and the FAT table is undamaged: There are many commercial and public domain packages available that undelete deleted files. Norton Utilities, PC-Tools, MACE+, and UNDEL.COM will all do the job. The commercial products are all more reliable in undeleting, but they are also more expensive that the Public-Domain UNDEL. Always undelete your most recent files first; that is, undelete files in the order of last time written to disk. I know that PC-Tools automatically lists undeletable files in the correct order, but the other three may not. 5) If the boot sector on your hard disk gets erased/formatted: There are four things to do if this happens, and the worst that can happen is that you will go without a hard disk for a while. Backup before proceeding with any of the steps here, for you may have to destroy some files to restore your hard disk to boot status. A) Try doing a "SYS C:" (or "SYS A:") from your original DOS disk. Then copy COMMAND.COM back onto the hard drive. If your hard drive still won't boot then try step B. B) If you have the MACE+ utilities go to the "other utilities" section and "restore boot sector." This should do the job if you have been using MACE+ correctly. C) If you are still stuck, BACK EVERYTHING UP and proceed to do a low level format. Instructions on how to perform a low-level format should come with your hard disk controller card. Be sure to map out bad sectors using either SCAV.COM by Chris Dunford or by manually entering the locations of bad sectors into the low level format program. After the low level format run FDISK.COM (it comes with DOS) to create a DOS partition. Refer to your DOS manual for help in using FDISK. Then put your original DOS diskette in drive A: and type FORMAT <drive letter>:/S/V. <Drive letter> represents the letter of the disk you are formatting. Try rebooting again. D) If you are still stuck, either employ some professional computer repairmen to fix your drive, or live with a non-bootable hard drive.. ------------------------------------------------------------------ | Update History: | ------------------------------------------------------------------ Version 1.0 Tom Neff enters a dozen "bad" files in the initial "dirty dozen." Version 2.0 Sees the addition of a short introduction and 3 more files. Again, I play no role in this version. Version 3.0 I write version 3.0. Tom Neff appears to have lost interest in the DDoz, so I take over. I add 22 files and completely rewrite the introduction. Version 3.0 has a total of 37 files. Version 4.0 I add another 30 or so files to the list, making the DDoz 65+ files strong, as well as adding a few paragraphs to the introduction. Version 5.0 By the time I release version 5.0 to the public, the Dirty Dozen is being greeted favorably and with enthusiasm around the country. Updates start coming in with regularity; the list prospers (if one can say that about a list!). I add a few more paragraphs to the introduction and about 40 new files bringing the file total up to 103! Version 6.0 The Dirty Dozen is now such a big project that I am now writing it in stages. Although I am going to make absolutely no effort to spread these "intermediate versions," they will always be downloadable from my board. This way everyone can keep an extremely current, if only minorly modified, issue of the DD. You might think of stage "a" of issue #6 as version 6.1, stage "b" as version 6.2, stage "c" as version 6.3, etc. New in version 6.0 is the following: A) Many minor revisions, B) 17 more files, bringing the total to 120! C) Two new paragraphs in the introduction, D) Instructions on how to recover from a trojan horse, E) A comprehensive glossary, F) This update history, G) An acknowledgments section set up for major contributors of information regarding new bogusware H) A new bogusware catagory of "miscellaneous illegal software." Version 7.0 The major changes in this version take place in the revision stages. From 6.0a to 6.0l I add fifteen trojan horses, six commercial programs, two miscellanous files, and two hacked programs. I also rewrite part of the introduction, adding a paragraph, and I augment the glossary at the end of this document. While 6.0l contains a good deal of version 7.0; however, version 7.0 is considerably different than 6.0l. For example, I add seventeen new pirated programs, bringing the file total to a whopping 165! Moreover, I rewrite virtually every paragraph in order to 'stylize' (clean up the writing in) the document. Once again I would like to thank all users who called in updates to the Dirty Dozen; such users encourage me to keep maintaining the dirty dozen! Version 8.0 One of my hard disks has been down for about six months. Unfortunately version 8.0 was ready for release RIGHT before the hard disk crash, and, naturally, the new version was on the busted HD un-backed-up. Finally I've taken the time (about 50 hours) to just sit down and work with the Dirty Dozen. I feel guilty that I've held back the DDoz for so long, but fortunately until recently there have been NO trojan horses to report. In anycase, I have modified v. 7.0 of the Dirty Dozen extensively; changes include: 1) New illegal software category: VIRUS. Virii are potentially more dangerous than trojan horses. 2) New illegal software category: CAREFUL These file are suspect; excercise caution when running these unverified programs. 3) All paragraphs rewritten. There were quite a few cases of ambiguity in version 7.0; now I hope to have eliminated those cases. 4) New Field added for filesize. One of these days trojan horse authors will think and start uploading old trojans using new filenames. To combat this possibility, the Dirty Dozen now holds a filesize for EVERY new file added. This way you can crossreference file descriptions and filesizes to nip a trojan in the bud. 5) The Dirty Dozen is now printable. The right margin is now 66, so all printers should be able to print the DDoz without printing off the right side of the paper. 6) 1 new Virus added. 7) 9 New Trojan Horses added 8) 22 New Pirated programs added 9) 0 New Hacked programs added 10) 2 New Miscellaneous files added 11) 1 New Careful file added 12) Glossary Update Total bad files listed: 200 Version 8.0a I add four new trojan horses, update information regarding two different trojans, add three new virii, one new miscellaneous program, and three new pirated programs. Five or six glossary terms and a new paragraph about protecting COMMAND.COM from virii are also new. Note: I still have quite a few pirated files to add, but in the interest of warning YOU of all the new trojans recently released, I will hold those pirated files off for version 8.0b. Dates of release: Version 1.0 -- October 20, 1985. Version 2.0 -- Version 3.0 -- Version 4.0 -- Version 5.0 -- Version 6.0 -- Version 7.0 -- January 3, 1987. Version 8.0 -- February 5, 1988. Version 8.0a-- February 21, 1988. ------------------------------------------------------------------ | Glossary: | ------------------------------------------------------------------ | | | This glossary is for the beginning to intermediate level | | user. Experienced users can skip this with confidence. All | | users should use this as a reference since this material makes | | for exceptionally droll. reading. | | | ------------------------------------------------------------------ ?Q? -- ('?' represents any character) File extension for SQueezed files. Squeezed files are unusable until unsqueezed by a utility such as NUSQ.COM or USQ.COM. The advantage of a SQueezed file is that it is smaller than a regular UnSQueezed file, thus saving disk space and download time. ARChives are more efficient than Squeezed files; that's why there are so many more ARChives on BBS's these days. Example of the extensions of SQueezed files: .EQE, .CQM, .LQR, .TQT, .DQC, etc. ABBRV -- Abbreviation for the word: "abbreviation" ARC -- File extension for an ARChive file -- many files combined together to save space and download time that require ARC.EXE, PKXARC.COM, ARCE.COM, or ARCLS.EXE to separate the files in to runnable and readable (in the case of text) form. BAS -- Abbrv for "BASIC," as in the programming language BBS -- Abbrv for "Bulletin Board System" BBS's -- Abbrv for "Bulletin Board Systems" BOARD -- Also "Bulletin Board System" BOGUSWARE -- Software that is damaging to one or more parties BOOT or -- To boot a computer is to restart it from scratch, REBOOT erasing all TSR programs. One reboots by either powering off and then back on, or pressing Ctrl-Alt-Del at the same time. BYTES -- Bytes measure the length of a file, with one byte equaling one character in a file. CACHE [disk] -- Area of memory set aside to hold recent data. All programs then read recent data from that memory rather than from disk. CLUSTER -- A phyical block on all [hard] disks, composed of sectors, that holds data. COM -- File extension for a file that is executable from DOS level DD -- Abbrv for "dirty dozen" DEBUG -- Either (V) to remove glitches in a program or (N) the assembly language editor/compiler/disassembler provided with DOS DOC -- Abbrv for "documentation" EMS -- Enhanced Memory Specification. An EMS card holds 2 MB extra mem. EXE -- file extension for a file that is executable from DOS level FAT -- File Allocation Tables - First sectors of [hard] disks where file sizes and physical locations are stored. FRAGMENT -- DOS physically saves files all over disks-not continously this slows down drives and cause problems for recovering deleted files or formatted disks. HACKED -- See "definitions" section HIDDEN -- A "hidden" file will not show up in a 'dir'ectory HIGH LEVEL FORMAT -- This type of format is what most computer users view as a regular DOS-format. That is, formatting a disk using FORMAT.COM (included with DOS) is a high level format. IBM -- International Business Machines IBMBIO.COM -- Hidden, System, Readonly file used by DOS IBMSYS.COM -- Hidden, System, Readonly file used by DOS IBM OR COMP -- IBM computer or a 99% or greater IBM Compatible computer KB -- Abbreviation for "KiloBytes," one Kb equals 1024 bytes LBR -- Extension on Library files. Library files are really many combined files like ARChives, but they require different utilities to extract the individual files. Some examples of such utilities are LUU.EXE, LUE.EXE, LAR.EXE, AND ZIP.EXE. See "ARC" LOW LEVEL FORMAT -- This type of format is only executed on a hard disk, therefore most hard disk low-level format programs come only with a hard disk controller card. There are a few PD low-level formatting packages, though. Most manufacturers low-level format their hard drives at the factory. Low level formatting is the first step in the three part formatting process; the second step is to use FDISK, and the third is to execute a high level format. MB -- Abbrv for "Megabytes," or "millions of bytes." MISC -- Abbrv for "miscellaneous" OPTIMIZE -- To make all files on a disk "contiguous," or physically linked together on a [hard] drive. PATCH -- A file that is patched (combined) into another file to change the original file in some way PD -- Abbrv for "Public Domain" PKXARC -- Phil Katz's ARChive extracter PIRATED -- See DEFINITIONS section in this issue. RAM -- Abbrv for "Random Access Memory." (memory used by software) RBBS -- Abbrv for RBBS-PC, a type of BBS (Remote Bulletin Board System) READONLY -- One can NOT write to "readonly" files (ie erasing) ROM -- Abbrv for "Read Only Memory." (memory used by hardware to boot) SQUASHING -- File compression technique used by PKXARC but not by SEA's ARC.EXE SYSOP -- SYStem OPerator of a BBS SYSTEM -- DOS reserves a "System" file for its own use TROJAN -- See DEFINITIONS section in this issue. TROJAN HORSE -- See DEFINITIONS section in this issue. TSR -- Abbv for "Terminate, Stay Resident" Synonym = "Memory Resident" TXT -- Abbrv for "text" USU -- Abbrv for "usually" UNP -- Abbrv for "unprotect" UNPROTECT -- An "unprotect file" is a patch file that results in the breaking of copy protection (no doubt for back up purposes). UTIL -- abbrv for "utility" VIRUS -- See definition section WORM -- Trojan Horse ------------------------------------------------------------------ | Finally: | ------------------------------------------------------------------ If you have any additions or corrections for this list, send them to Eric Newhouse at any of the following places. Please be sure to leave the problem file name, size, and description. Please note that the West LA PC-Store is currently DOWN. Thank You. (in order of most frequented): * The Crest RBBS/CAMS (213-471-2518) (1200/2400) (160/50 MB) [ This is my board ] D * The West LA PC-STORE (213-559-6954) (300/1200/2400) (50 MB) * Camelot PC-Board (213-204-6158) (300/1200/2400) (80 MB?) (leave mail to "NORMAN TEETER." He will reley your message). * The Source (leave E-mail to "Doctor File Finder" in IBM SIG #4). Doctor File Finder (Mike Callahan) will relay your update to me. ----------------------------------------------------------------- END.