This page is a wiki. Please login or create an account to begin editing.

4 posts / 0 new
Last post
macgyver's picture
Joined: 2017 Jul 16
A rare Mac virus - "Code 9811"

Hi there Smile

This is my first post here, although I've been a regular visitor to this site and the forum. I hope you excuse my bad English, as it is not my native language and I make a lot of mistakes.

It's great to see software preservation so active! Smile I'm a vintage computer collector focussing on Apple computers and thus have a great interest to preserve the software we need for the vintage machines.

In the more recent times, I've found that not only the software itself is worth to preserve, but there are also inconveniences like computer viruses that can become lost to time. Sounds weird, but I believe those shound be protected as historical artifacts as well. For years people have tried to extinct those malicious pieces of software and sometimes they have been successful, as it seems. From todays perspective, it is very interesting to take a closer look at the malware of two or even three decades ago, so I started to collect and analyse uncommon and rare computer viruses for different platforms.

Mac viruses are quite a small number compared to other platforms and for the most part rather boring. However, for example, I read about the "Code 9811" virus, which seems rather interesting and doesn't seem to be 100% analysed yet. For months, I tried to get hold of a disk image or infected file to study this virus, but I haven't been successful. In the worst case, it has become lost to time and every single copy of it has been destroyed.

Has anybody of you ever come across this rare species? Ever seen it first hand? I'd love to get a disk image of an infected disk. Maybe somebody of you can help?

Thanks a lot and greetings from Germany Smile


MacTouch's picture
Joined: 2016 Mar 19


Myself, I remember that I encountered a virus that I would preserve for analysis, but I have lost the copy on a floppy... As far as I remember, it was not this one. Sorry. Smile

MikeTomTom's picture
Joined: 2009 Dec 7


I have not come across this one before, only the more common nVIR, MBDF & occasionally 666

Just to suggest that you contact John Dalgliesh the author of Agax anti-vir program (for Classic Macintosh), as he has written patches for this and other classic Mac virus's.

His web pages are still active, and his contact details are there, hopefully he may respond favorably to you.

[Edit] On John Dalgliesh's Agax Developer Home Page, he has a downloadable example of the CODE 9811 project and source (Code Warrior 11 format), ready to go. - DL the "Additives SDK" linked on that page.

SkyCapt's picture
Joined: 2017 Jan 11

ahh, the olde virus in captivity thing. I had a pet "Byte Bandit" virus for Amiga in the 1980's. It was less than 1K when compiled. The person who infected me paid a wasted service call on their hardware because the virus made the screen go blank and system lock up intermittently. Analysis of the code revealed a supplied back door to unlock the system in realtime by pressing a sequence of 5 keys - anyone could've kept their computer going, if they'd only knew. The virus also kept a counter of the iteration (copy #) that it was, describing how many linear reinfections had taken place by the time it had gotten to you. One sinister thing about Amiga Byte Bandit was if your computer was running infected, it contaminated other floppy disks simply by inserting them and doing nothing else. You could put in any floppy disk that wasn't physically write protected, say to yourself "oops, that's not the disk I wanted", eject it after having done nothing else pressing no keys, and that disk got infected. I recall the virus "waited" dormant without causing crashes until x number of copies were made so that it could spread around a lot before causing suspicion to defend against it.