There is a Trojan Horse called "Steroid". It is an INIT that claims to speed up QuickDraw on Macintosh SE, Plus and earlier machines. The INIT contains code that checks for the date being greater than July 1, 1990. If it is, it will ERASE all mounted drives.
Having the Comm Toolbox installed seems to interfere with the INIT and keep the erasure from happening. The SE then simply crashes.
Installing the INIT on a floppy disk and booting it on an SE with the system date set after July 1, 1990 causes the floppy and hard disk to be immediately erased.
At this time it is known that the code does the following:
OPERATIONS AT RESTART:
----------------------
DATE & TIME CHECK (Loop)
SYSENVIRONS CHECK
GETS VOLUME INFORMATION (probably checking for HFS)
GETS SOME ADDRESSES (Toolbox traps)
DOES SOME HFS DISPATCH OPERATIONS
VOLUME IS REINITIALIZED to "Untitled"
INFORMATION:
------------
TYPE: INIT
CREATOR: qdac
CODE SIZE: 1080
DATA SIZE: 267
ID: 148
Name: QuickDraw Accelerator
File Name: " Steroid" (First 2 characters are ASCII 1)
The 2 invisible characters are there to make it load before SAM (or
other INITs).
If you have renamed the file so that it runs after SAM (in general, NO unknown INITs should ever be allowed to run before SAM), then in advanced or custom modes you will get SAM alerts saying "There is an attempt to bypass the file system" when this Trojan attacks your volumes. Denying these attempts prevents the Trojan from doing any damage.
You can enter the following virus definition in Virus Clinic to allow both SAM Intercept and Virus Clinic to detect this Trojan during scans.
If you have entered this definition and have renamed the Trojan to run after SAM, then SAM Intercept will also notify you when this INIT is run at startup time.
If your disk becomes erased, you can use SUM II Disk Clinic to recover the deleted files.
NOTE:
This information comes from a number of sources and has been edited by Geoff Hartley for CVIA for clarification.
