Text File | 1993-12-22 | 26KB | 643 lines
=======================================================================
VIRUSZ II DOCUMENTATION
=======================================================================
[ASCII-art logo: VirusZ, Version II 1.00, OS2 only; logo by Control/Alcatraz]
=======================================================================
THE LEGAL STUFF
=======================================================================
Copyright
---------
The entire VirusZ package is written and copyright © 1991-93 by Georg
Hörmann with exception of the reqtools.library which is written and
copyright © by Nico François who gave the permission to use it in any
freely distributable software package. No parts of this package may be
altered by any means (this includes editing, reprogramming, crunching,
resourcing etc.), except archiving.
Disclaimer
----------
The author is in no way liable for any changes made to any part of the
package, or consequences thereof as he is in no way liable for damages
or loss of data directly or indirectly caused by this software.
Distribution
------------
Neither fees may be charged nor profits may be made by distributing
this piece of software. Only a nominal fee for costs of magnetic media
may be accepted, the amount of US $6 shouldn't be exceeded for a disk
containing VirusZ. Outside a single machine environment, you are not
allowed to reproduce single parts of the package, but you have to copy
it completely. If any parts were already missing when you received
the package, look out for another source to get your software in
the future. See this list of contents for verification:
VirusZ (dir)
  Libs (dir)
    decrunch.library
    reqtools.library
  Install Libs
  Install Libs.info
  Install.script
  VirusZ
  VirusZ.info
  VirusZ.Doc
  VirusZ.Doc.info
  VirusZ.History
  VirusZ.History.info
VirusZ.info
Shareware
---------
VirusZ is Shareware which means you are allowed to copy it freely, but
you have to pay a fee to the author if you use VirusZ regularly. Not
paying your fee is both immoral and illegal. If you already have
registered for any former releases, paying the fee again is optional.
Suggested donation is DM 20 or an equivalent amount in any other
currency. Anything else will not be accepted.
About SHI
---------
It is hereby strictly forbidden to include VirusZ on any Safe Hex
International viruskiller compilation disks. I (the author) am NOT a
member of SHI (any more) and therefore am not interested in any direct
or indirect contacts to SHI and especially not to Erik Løvendahl
Sørensen. His organisation is mostly profit-oriented and tries to
cheat the anti-virus programmers both financially and ethically.
=======================================================================
PERSONAL STUFF
=======================================================================
The Author
----------
Starting with September 1993, I have to fulfil my community service at
the local Red Cross station as an army replacement. Therefore I will
no longer have that much time for updating VirusZ as I had it in the
past when I went to school. I'll nevertheless try my best, but I can't
make any promises. If you want to contact me anyway, try the following
address:
Georg Hörmann
Am Lahnewiesgraben 19
82467 Garmisch-Partenkirchen
Germany
Submissions
-----------
Submissions with new material (viruses/crunchers) are welcome. If you
want your disks back, either enclose enough money for postage or German
stamps. By now I had more expense than profit by sending all you folks
your disks back. If you want me to continue my anti-virus work, don't
try to cheat me.
Special Thanks
--------------
There are several people I want to thank for supporting VirusZ:
* Ralf Thanner for everything (what more should I say:-))
* Control/Alcatraz for the nice logo
* Axel Folley for moral and financial support :-)
* Steve/Silicon Designs 3003 for viruses and packers
* Flake/Mystic for viruses and bug reports
* Holger Wessling for his unbelievable fantasy
* Martin Odaischi for dozens of viruses and financial support
* Heinz Lindner for resident tools and new Kickstarts
* Markus Stiebeling for bug reports and hints
* Rüdiger Prang for patches and TEX-Docs
* all other folks that have contacted me in the past
* of course all users who already paid their shareware fee
There's one person I DON'T want to thank:
* Erik Løvendahl Sørensen for being the leader of SHI, for his lies
and bad comments, his egoism, his pseudo-legal appearance and his
bad English.
=======================================================================
INTRODUCTION
=======================================================================
Philosophy
----------
VirusZ is another try to make the perfect viruskiller. Although there
are already hundreds of killers, none had to offer the, in my opinion,
most important features. These are to be short, fast and not to keep
the user from working by opening a big screen with hundreds of gadgets
or locking the drives. If you like that type of killer, forget VirusZ.
Enforcer Hits
-------------
VirusZ has been designed to kill viruses in memory. Therefore it has
to check all the memory locations used by these bastards, amongst them
the interrupt table of the CPU. This certainly causes enforcer hits,
but it obviously is better to detect the viruses than not to have an
enforcer hit, isn't it? By the way, all hits are completely harmless.
Getting Started
---------------
The VirusZ II series requires OS2 and the reqtools.library in order to
work correctly. In addition, if you want to use the decrunch
feature, you need the decrunch.library. Copy both files to the LIBS:
drawer of your system disk. You can use the 'Install Libs' script for
the copy work. After this, starting VirusZ is nothing more than typing
its name to any Shell or double-clicking its icon from Workbench. See
the chapters below for supported Shell options and tooltypes.
How To Use ReqTools Requesters
------------------------------
VirusZ uses three types of ReqTools requesters: requests asking for a
decision, information requests informing you about something and file
requests to select files/drawers. You can satisfy them not only by
clicking their gadgets, but also via shortcuts. These are:
Positive response: <Y>, <RETURN>, <LAMIGA-V>, underscored character
Negative response: <N>, <ESC>, <LAMIGA-B>, underscored character
The positive gadget is the leftmost, always printed in bold, whereas the
negative is the rightmost.
Menus
-----
Actions are taken via the items in the 'Project' menu. 'Quit' causes
VirusZ to quit, 'Hide' hides the main interface, 'About' gives you
information about the current release and 'Show Brains' displays all
known viruses. See descriptions of the other items below.
The 'Prefs' menu enables the user to configure VirusZ to his own taste.
After selecting 'Save Prefs', VirusZ writes the file 'VirusZ_II.Prefs'
to the ENVARC: drawer which contains the settings. See descriptions
of the other items below.
=======================================================================
SHELL OPTIONS
=======================================================================
CX_PRIORITY
-----------
Specifies the commodity priority of VirusZ's broker. Values may range
from -128 to 127, default is 0.
CX_POPKEY
---------
Defines the hotkey used to pop up the main window.
CX_POPUP
--------
Tells VirusZ whether to pop up on startup or not.
PUBSCREEN
---------
Tells VirusZ to open its windows on the defined public screen instead
of the Workbench.
??|INFO
-------
Prints further information about the exact use of the above options.
=======================================================================
TOOLTYPES
=======================================================================
CX_PRIORITY
-----------
Specifies the commodity priority of VirusZ's broker. Values may range
from -128 to 127, default is 0.
CX_POPKEY
---------
Defines the hotkey used to pop up the main window.
CX_POPUP
--------
Tells VirusZ whether to pop up on startup or not.
PUBSCREEN
---------
Tells VirusZ to open its windows on the defined public screen instead
of the Workbench.
=======================================================================
FILE CHECK
=======================================================================
Introduction
------------
In the early days of the Amiga viruses, nobody thought about file or
even link viruses. A good virus killer had to display the bootblock
and check some vectors. But nowadays, the greatest danger doesn't come
from the bootblock, but from files. Therefore this file check has been
created to check files for virus infection. See a list of all known
viruses by selecting 'Show Brains' from the 'Project' menu. This file
check is quite unique as it offers you several features which others
lack. First it can decrunch files for checking, second it can remove
all virus links from an infected file in one step where others are only
able to remove one link after the other. These features are possible
thanks to a great file buffering method and my own decrunch.library.
If you have to choose a checker, use mine for perfect checking.
File Request
------------
After selecting 'File Check' from the 'Project' menu, the first thing
to appear is a file request. Here you (multi-)select the files and/or
drawers you wish to check. If you want to select several entries, keep
<SHIFT> pressed while selecting them. To select all entries, click on
the 'All' button. Now click on 'Ok' to start or 'Cancel' to abort
checking.
Output Window / Control Panel
-----------------------------
Now a window opens that is separated into two portions. The bigger part
is the output window which contains information about the files that
are checked. The small part at the bottom is the control panel. By
clicking on 'Stop', checking is interrupted and a request appears
asking you to continue or to abort. If you select 'Continue', the
request disappears and checking continues. By selecting 'Abort',
checking is aborted and you can exit from the file check or select the
next drawer/file by clicking on 'Check Again'.
Important Notes
---------------
The link virus removal code is absolutely reliable as long as infected
files aren't damaged in any way. If the hunk structure is corrupted or
anything else disables removing, VirusZ will tell you and then skip the
file.
VirusZ handles the protection bits of files automatically, i.e. it makes
the file readable for checking and writeable for repair. This is
useful because you don't have to mess around with the Protect command
in your Shell. Whenever a system request "Disk is write protected" comes
up, VirusZ has tried to change the protection bits. This access is
not dangerous, so it would be best to make your disks write enabled
before checking.
Additional Hint
---------------
It may happen that a file is first infected and then crunched. If you
want to save the cleaned file without having it decrunched, check it
again with decrunching disabled.
=======================================================================
FILE CHECK PREFERENCES
=======================================================================
Decrunch Files
--------------
If this option is enabled, the file check decrunches files in order to
check them for viruses. You need the decrunch.library for this feature
and free memory that is twice as large as the file itself.
Skip Subdirectories
-------------------
Enable this option to make the file check ignore any drawers that may
exist in a selected drawer.
Auto-Handle Viruses
-------------------
If the file check detects a file that contains a virus, a request pops
up to inform you which virus it was and asks you to either kill the
virus or let it stay alive. With this option you can skip this request
and kill any viruses automatically.
Generate Report
---------------
This option makes it possible to create a text file that contains a
copy of the text output you can see while checking. If enabled, a file
request will appear after the file check is finished to ask you for the
filename the report should be written to.
Check Without Repair
--------------------
If enabled, the file check only detects viruses, but doesn't try to
repair the files. This may be useful with new disks whose contents you
don't know. Simply select all files, perform a file check and look at
the output without being disturbed by requests. In fact it is useful
for me to check through my virus drawers without aborting hundreds of
requests.
Auto-Save Report
----------------
If enabled, VirusZ doesn't ask for a path/filename to save the report
to. It then simply uses the filename that is generated by default and
the path entered in 'Default Report Path'.
Default Report Path
-------------------
Enter the path where you want to save file reports to in this gadget.
If auto-save is enabled, VirusZ uses this path for saving.
Amount Of Lines Displayed
-------------------------
This gadget contains the maximum amount of lines that will fit into the
file check output window. Set to 99 on screens lower than 300 pixels
and to smaller values on interlaced screens. Otherwise the scrolling
will be too slow and decrease checking speed.
=======================================================================
SECTOR CHECK
=======================================================================
Select Drive
------------
After selecting 'Sector Check' from the 'Project' menu, the first thing
to appear is a drive request. Here you select the drive you wish to
check. Only trackdisk units are supported, but checking should work
with the new 1.76 MB disks too. Click on 'Ok' to start or 'Cancel' to
abort checking.
Output Window / Control Panel
-----------------------------
Now a window opens that is separated into two portions. The bigger part
is the output window which contains information about the sectors that
are checked. The small part at the bottom is the control panel. By
clicking on 'Stop', checking is interrupted and a request appears
asking you to continue or to abort. If you select 'Continue', the
request disappears and checking continues. By selecting 'Abort',
checking is aborted and you can exit from the sector check or select
the next drive by clicking on 'Check Again'.
=======================================================================
SECTOR CHECK PREFERENCES
=======================================================================
Auto-Repair Sectors
-------------------
If the sector check detects an infected sector that can be repaired, a
request pops up to ask you to either repair the sector or ignore it.
With this option you can skip this request and repair any sectors
automatically.
Check Without Repair
--------------------
If enabled, the sector check only detects infected sectors, but doesn't
try to repair them. Useful to get a quick overview over the sectors of
a disk.
Amount Of Lines Displayed
-------------------------
This gadget contains the maximum amount of lines that will fit into the
sector check output window. Set to 99 on screens lower than 300 pixels
and to smaller values on interlaced screens. Otherwise the scrolling
will be too slow and decrease checking speed.
=======================================================================
VECTOR CHECK
=======================================================================
Introduction
------------
Almost all viruses work in the same manner: they make themselves
resident and/or corrupt some libraries or devices with their code.
Therefore the vector check was designed to help you find new viruses
that can't be recognized directly by VirusZ yet.
Most of the vectors and entrypoints that will be displayed are only
interesting for programmers, so I will try to avoid any explanations
that confuse the average user.
Output Window / Control Panel
-----------------------------
After selecting 'Vector Check' from the 'Project' menu, a window opens
that is separated into two portions. The bigger part is the output
window which contains information about the vectors that are checked.
With the scroll gadget at the right you can move the output up and
down. The small part at the bottom is the control panel. By clicking
on 'Refresh', the output will be refreshed. This is useful after
clearing some vectors. If there is not enough memory to refresh, the
vector check exits. With 'Exit', you normally leave the vector check.
What Can I See From The Displayed Information?
----------------------------------------------
Well, every vector has a short comment right of it. As long as you can
read 'Ok' there, everything is fine. Then it might happen that you
read something like 'SetPatch', this tells you that the changes done to
this vector are ok, because VirusZ recognized who did them. But if you
read '*** NON-STANDARD VECTOR ***', be alarmed. In fact, most of these
unknown changes are nothing more than a utility like the well known
'PP Patchers'. If you have such a utility and you know the changes
are caused by it, please send it to me for inclusion.
Menu
----
There exists a menu called 'Clear' in the vector check which offers you
the possibility to clear certain vectors one by one or all together.
The item names correspond with the respective vectors.
=======================================================================
VECTOR CHECK PREFERENCES
=======================================================================
Show ResModules
---------------
If enabled, the ResModules will be checked and non-ROM based modules
will be displayed.
Show Exec Interrupts
--------------------
If enabled, the exec interrupt table will be checked and non-ROM based
entrypoints will be displayed.
Show CPU Interrupts
-------------------
If enabled, the CPU interrupt table will be checked and non-ROM based
entrypoints will be displayed.
Show Devices
------------
If enabled, devices will be checked and non-ROM based function table
entrypoints will be displayed.
Show Libraries
--------------
If enabled, libraries will be checked and non-ROM based function table
entrypoints will be displayed.
Hide Known Patches
------------------
Normally the vector check displays known patches with their name after
the patched entrypoints. If this option is enabled, known patches are
skipped and will not be displayed. Useful to filter out modifications
caused by SetPatch, LoadWB or other system commands.
Hide 'OK' Vectors
-----------------
If enabled, the vector check will not display ANY vectors marked 'OK'.
This decreases the amount of printed lines drastically as long as there
aren't too many patches in the system.
Amount Of Lines Displayed
-------------------------
This gadget contains the maximum amount of lines that will fit into the
vector check output window.
=======================================================================
BOOTBLOCK LAB
=======================================================================
Attention
---------
Be careful with writing to / installing your harddisk. I'm not liable
for your faults.
Drive / Display
---------------
There are two cycle gadgets in the bootblock lab, one on each side of
the status line. The left one selects the drive you want to work with,
the right one selects the display mode. Keyboard activation of the
drive gadget is <D> or <SHIFT-D> and <B> or <SHIFT-B> for the display
mode gadget.
Name
----
Whenever an error occurs, it is stated in the status line, which
overwrites the name of the current bootblock in the buffer. By clicking
on this gadget, the name is printed again.
Exit
----
Click to exit from bootblock lab.
Read
----
Reads the bootblock from the currently selected drive to the buffer.
Only DOS disks can be read.
Write
-----
Writes the current buffer contents to the bootblock of the selected
drive. The disk type and the checksum will be corrected automatically.
Load
----
Opens a file request to select a bootblock file that should be loaded
to the buffer. Only DOS bootblocks can be loaded.
Save
----
Saves the current buffer contents to a file. This is useful to backup
important bootblocks of games etc.
Prefs
-----
Opens the bootblock lab preferences window. Useful to change something
without having to leave the lab.
Install
-------
Installs a standard OS2 bootblock to the currently selected drive. The
disk type will be corrected automatically.
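What "the checksum will be corrected" under 'Write' involves, as an
added Python example that is not part of VirusZ: the standard Amiga
bootblock checksum is the complement of the end-around-carry sum of the
256 big-endian longwords and is stored at offset 4. The function names
and the sample bytes are constructed for illustration; how VirusZ picks
the disk type byte is not documented here, so `flags` is an assumed
parameter.

```python
import struct

BOOTBLOCK_SIZE = 1024   # two 512-byte sectors at the start of the disk
MASK = 0xFFFFFFFF


def bootblock_checksum(block):
    """Return the value that belongs at offset 4 of a 1024-byte bootblock."""
    if len(block) != BOOTBLOCK_SIZE:
        raise ValueError("a bootblock is exactly 1024 bytes")
    words = list(struct.unpack(">256L", block))
    words[1] = 0                      # the checksum field itself counts as zero
    total = 0
    for word in words:
        total += word
        if total > MASK:              # overflow is added back in (end-around carry)
            total = (total & MASK) + 1
    return ~total & MASK


def inspect_bootblock(block):
    """Describe the disk type and checksum state of a bootblock."""
    stored = struct.unpack_from(">L", block, 4)[0]
    expected = bootblock_checksum(block)
    return {
        "dos_disk": block[:3] == b"DOS",   # only DOS bootblocks are handled
        "flags": block[3],                 # 0 = OFS, 1 = FFS
        "stored": stored,
        "expected": expected,
        "checksum_ok": stored == expected,
    }


def corrected_bootblock(block, flags=0):
    """Copy of `block` with disk type 'DOS'+flags and a matching checksum."""
    fixed = bytearray(block)
    fixed[0:4] = b"DOS" + bytes([flags])   # assumed way of setting the disk type
    struct.pack_into(">L", fixed, 4, bootblock_checksum(bytes(fixed)))
    return bytes(fixed)


if __name__ == "__main__":
    # Constructed sample: filler bytes, not real boot code.
    sample = b"XXXX" + bytes(4) + bytes(range(256)) * 3 + bytes(248)
    print(inspect_bootblock(sample))
    print(inspect_bootblock(corrected_bootblock(sample)))
```

A bootblock whose stored and expected values differ is not bootable,
so a mismatch on a disk that used to boot is worth a closer look.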
=======================================================================
BOOTBLOCK LAB PREFERENCES
=======================================================================
Ask Before Write Access
-----------------------
If enabled, a security request pops up every time you select 'Write' or
'Install' in the bootblock lab.
Read Inserted Disks
-------------------
This enables the bootblock lab to read the bootblocks of inserted disks
automatically. Useful if you intend to check a whole box of disks for
bootblock viruses.
Install Uninstalled Boot
------------------------
If enabled, 'Install' doesn't install a standard bootblock, but makes
the disk non-bootable.
=======================================================================
BACKGROUND PREFERENCES
=======================================================================
Check All Disks On Startup
--------------------------
If enabled, the bootblocks and disk-validators of all available disks
will be checked on startup.
Check Memory For Viruses
------------------------
If enabled, memory will be checked for viruses regularly. The state of
this button does not influence the memory check on startup which is
always performed.
Check Bootblocks
----------------
If enabled, the bootblock of every inserted disk is checked. The state
of this button does not influence the behaviour of the bootblock check
that is performed on startup.
Check Disk-Validators
---------------------
If enabled, the disk-validator of every inserted disk is checked. The
state of this button does not influence the behaviour of the startup
disk-validator check.
Memory Check Repeat Delay
-------------------------
Enter the number of seconds that should pass between two memory checks
here.
=======================================================================
MISCELLANEOUS PREFERENCES
=======================================================================
Check Hunks On Startup
----------------------
If enabled, the hunk structure of VirusZ will be checked on startup.
An alert appears if there is something wrong (might be a link virus).
Disable this option if you intend to crunch VirusZ with a file packer
because most of these modify the hunks.
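One way such a startup self-check can work, as an added Python example
(not VirusZ's own code, whose method this document does not describe):
walk the AmigaDOS hunk structure of the executable and compare the hunk
layout with a recorded baseline. The function names, the baseline and
the zero-filled test files are constructed for illustration.

```python
import struct

HUNK_CODE, HUNK_DATA, HUNK_BSS, HUNK_RELOC32 = 0x3E9, 0x3EA, 0x3EB, 0x3EC
HUNK_SYMBOL, HUNK_DEBUG, HUNK_END, HUNK_HEADER = 0x3F0, 0x3F1, 0x3F2, 0x3F3
NAMES = {HUNK_CODE: "CODE", HUNK_DATA: "DATA", HUNK_BSS: "BSS"}
SIZE_MASK = 0x3FFFFFFF  # top two bits of a type/size longword are memory flags


class HunkError(ValueError):
    """The file is not a load file, or its hunks cannot be walked."""


def parse_hunks(data):
    """Walk a load file; return [(kind, size_in_longwords), ...]."""
    pos = 0
    def take(longs=1):
        # Advance over `longs` longwords and return the first (0 if none).
        nonlocal pos
        if pos + 4 * longs > len(data):
            raise HunkError("hunk runs past end of file")
        pos += 4 * longs
        return struct.unpack_from(">L", data, pos - 4 * longs)[0] if longs else 0
    if take() != HUNK_HEADER:
        raise HunkError("no HUNK_HEADER: not an executable")
    while (n := take()) != 0:          # resident library names, normally none
        take(n)
    take()                             # hunk table size
    first, last = take(), take()
    if last < first:
        raise HunkError("bad hunk range in header")
    declared = last - first + 1
    take(declared)                     # per-hunk allocation sizes
    found = []
    while pos < len(data):
        kind = take() & SIZE_MASK
        if kind in (HUNK_CODE, HUNK_DATA):
            size = take() & SIZE_MASK
            take(size)
            found.append((NAMES[kind], size))
        elif kind == HUNK_BSS:         # BSS has a size but no stored data
            found.append(("BSS", take() & SIZE_MASK))
        elif kind in (HUNK_RELOC32, HUNK_SYMBOL):
            while (n := take()) != 0:  # n longwords plus one extra per block
                take(n + 1)
        elif kind == HUNK_DEBUG:
            take(take())
        elif kind != HUNK_END:         # overlays etc. are out of scope here
            raise HunkError(f"unsupported hunk type {kind:#x}")
    if len(found) != declared:
        raise HunkError("hunk count differs from header")
    return found

def compare_to_baseline(data, baseline):
    """Return differences from the recorded layout (empty list = unchanged)."""
    try:
        found = parse_hunks(data)
    except HunkError as exc:
        return [f"cannot verify hunk structure: {exc}"]
    issues = []
    if len(found) != len(baseline):
        issues.append(f"hunk count {len(found)}, expected {len(baseline)}")
    for i, (have, want) in enumerate(zip(found, baseline)):
        if have != want:
            issues.append(f"hunk {i}: {have}, expected {want}")
    return issues

def build_load_file(layout):
    """Constructed test input: a load file whose hunks are zero-filled."""
    ids = {name: ident for ident, name in NAMES.items()}
    out = [HUNK_HEADER, 0, len(layout), 0, len(layout) - 1]
    out += [size for _, size in layout]
    for kind, size in layout:
        body = [] if kind == "BSS" else [0] * size
        out += [ids[kind], size, *body, HUNK_END]
    return struct.pack(f">{len(out)}L", *out)
```

A file packer changes the layout just as an appended hunk does, which
is why the option has to be disabled for a crunched copy.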
Requesters Follow Mouse
-----------------------
If enabled, all ReqTools requesters appear with the negative response
under the mouse. If disabled, they pop up in the top left corner as
usual.
Quit Immediately
----------------
If enabled, VirusZ quits without verification.
Install SnoopDos Task
---------------------
If enabled, a task called 'SnoopDos' will be created which doesn't use
any processor time, but prevents several trojan horses from doing any
harm.
Pop Up On Startup
-----------------
If enabled, VirusZ opens the main window on startup, otherwise it can
be controlled via the Exchange commodity only.
Close Main Window = Exit
------------------------
If enabled, VirusZ quits when you click on the close-window button of
the main window, otherwise it will act as if you selected the 'Hide'
item from the 'Project' menu.
Center Main Window
------------------
If enabled, VirusZ's main window appears centered at the top border of
the screen. Otherwise it will use the coordinates that have been last
saved. You can save the coordinates by moving the window to the
desired position and then selecting 'Save Prefs'.
Hotkey
------
The default commodity hotkey used to pop up the main window.
=======================================================================
END OF DOCUMENTATION
=======================================================================