home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
United Public Domain Gold 4
/
United Public Domain Gold 4.iso
/
fredfish
/
ff.0669.dms
/
ff.0669.adf
/
VirusChecker
/
Virus_Checker.doc
< prev
next >
Wrap
Text File
|
1992-05-21
|
60KB
|
1,238 lines
************************************************************************
Virus_Checker Documentation
by John Veldthuis
Member of SHI Anti Virus Group
************************************************************************
DISTRIBUTION:
Virus_Checker is a freely distributable, copyrighted piece of
software. You do not have to pay money to use it, and may upload it
wherever you choose, but you are not allowed to sell Virus_Checker
for profit, or include Virus_Checker on a disk which is sold for
profit, without the author's (John Veldthuis) permission. Commodore
have this permission already.
Money is not solicited but would be welcome. I can be contacted at
the address below.
Please send me any more new viruses so I can update Virus_Checker,
but please don't send a letter asking for a copy without sending me
at least a disk to send it back on. I just cannot afford to do this.
John Veldthuis
21 Ngatai Street
Manaia, Taranaki
New Zealand
Phone (0624) 8409
Email addresses:
FIDO 3:771/400.10
USENET johnv@tower.actrix.gen.nz
ABOUT SAFE HEX INTERNATIONAL
If you know a virus programmer you can get a reward of $ 1000 for
supplying his name and address. The fact is that the law punishes data
crime very severely. (5 years in jail in most countries).
We are an international group with more than 250 members who have started
trying to stop the spread of virus. Let me give you some example:
1. Our motto is: "Safe Hex", who dares do anything else today?".
2. A virus bank containing all well known virus killer programmes.
3. We help people to get money back lost by virus infection.
4. We write articles about virus problems for 8 magazines.
5. We release the newest and the best virus killers around.
6. We have more than 20 "Virus Centers" worldwide where you
can get free virus help by phoning our "Hotline", and the
newest killers translated n your own language at very little
cost.
For more information contact:
SAFE HEX INTERNATIONAL (Please send a "Coupon-Response
Erik Loevendahl Soerensen International" and a self addres-
Snaphanevej 10 sed envelope, if you want infor-
DK-4720 Praestoe mation about SHI by letter).
Denmark
Phone: + 45 55 99 25 12
Fax : + 45 55 99 34 98
INSTALLATION:
To run Virus_Checker once, either type it's name into a CLI window (while
the program is in the current directory), or double-click on it's icon
from the Workbench. The program will be active until you quit it or
reset your computer.
Installing Virus_Checker so that it will be active all the while your
computer is running is a good idea. This is because viruses can be on
any disk you insert into any disk drive. With Virus_Checker always
active, you will be protected.
Under 1.3, to install Virus_Checker so that it will be run whenever
you reset your computer, edit your startup-sequence to include simply
"Virus_Checker". The program will have to be either in the root
directory of the disk you are booting off of, or in the C: directory,
for this to work.
Under the 2.0 operating system, installation is much easier. All you
have to do is drag the icon for Virus_Checker into the WBStartup
drawer on your Workbench disk (or your boot partition if you use a
hard disk), and Virus_Checker will automatically be loaded when the
Workbench is loaded.
NOTICE FOR USERS OF FILE PACKERS AND CRUNCHERS:
If you use a program such as PowerPacker to make your files smaller
then be aware that you must check these files before you crunch them.
If the file is infected and you crunch them then VC will not find the
virus in the file and each time you use that file it will infect your
machine. VC will still detect the virus in memory and remove it okay.
So if you get VC telling you your memory is infected but you cannot
find it on any disks then start unpacking any of these files and
check them UNPACKED.
ENFORCER USERS
Just a quick note for people who use the program called enforcer.
Virus_Checker will cause Enforcer hits when it does it's memory scan. There
is no way around this as it is the only way to detect a couple of viruses.
For each low memory read Virus_Checker will cause 2 enforcer hits. One for
the read and one for the zero that was returned. This will happen only when
Virus_Checker starts up and when you cause it to do a full memory scan via
the menu or 'm' key.
There should be 4 enforcer hits. The reads are from location $20 and
location $6c. The other 2 will depend on your setup.
WORKBENCH 2.0 USERS BEWARE
Workbench 2.0 now looks at and acts on the protection flags on each file.
If you have a file that is read protected then Virus_Checker will not be
able to check this file. WB1.3 ignores most of these flags and will happily
read a read protected file.
I got a disk with the BSG9 virus on it and wondered why VC would not pick
it up. I finally did a list on it and saw it only had the delete flag on.
After un-read protecting it VC picked the file up okay.
UPDATE
From version 6.05 VC will warn you if it finds a file that is write
protected. This will allow you to use the Shell command protect to
unprotect the file. Just use 'protect filename +r' without the 's and this
will allow VC to read the file when you scan it again.
FRENCH USERS
Someone has gone to the trouble of translating the Virus_Checker docs into
French. If you wish to get them then please read the following
You can get the French doc from AUGL or order it for 20 French Francs at:
BUGSS
4, Place de L'Aube
33170 GRADIGNAN
FRANCE
Direct any questions to berger@geocub.greco-prog.fr
or berger@platon.greco-prog.fr
COMMAND LINE OPTIONS:
The syntax is:
Virus_Checker [-l###] [-t###] [-w###] [-b] [-q] [-i] [-n] [-m] [dirname]
-l### tells Virus_Checker how far from the left edge of the
screen to open the Virus_Checker window.
-t### tells Virus_Checker how far down from the top edge of
the screen to open the Virus_Checker window.
-w### tells Virus_Checker how wide you want the window. It has
a maximum size of 386 pixels and a minimum of 200. Any
numbers out of this range are ignored.
This is ignored by Workbench 2.0 as there is really no need
for it due to being able to 'pop' the window up when you
want it and hide it when you don't want it.
-b tells Virus_Checker to send its window to the back of all the
other open windows.
-n tells Virus_Checker not to open a window. It will check memory
and disks inserted but you will have to use the ARexx port
or the commodities 'Exchange' program (or the hotkey) to
get it to scan the whole disk for Link/File viruses or to
view the user interface. To stop VC, run VC again, use
the ARexx port, or send it a Kill command from the
commodities 'Exchange' program.
-q tells Virus_Checker to check all memory, files, and disks for
viruses, then exit. To check the dh0: partition and exit,
do the following: "Virus_Checker -q dh0:". This will check
memory, disks, files, and dh0:, then exit.
-i tells Virus_Checker not to put up a requester when it can't read
the bootblock of a disk.
-m tells Virus_Checker to watch the file s:startup-sequence for any
changes. Some viruses will change this file and VC will
catch it. (Only works under WB2.0 and above)
Bug report
There seems to be a bug that if the file is changed VC will
pick it up okay. but if another file is changed in the S:
directory then AmigaDOS tells VC the startup-sequence has been
changed. It is okay again after that. You have been warned
dirname is the directory/file you want checked for File Viruses on
startup. An example to open the window at x/y position of
200/100 and check DH0: is: "Virus_Checker -l200 -t100 dh0:".
For the window coordinates, any values outside the size of the WB
screen are ignored and any non numerical values are ignored. There
must be no spaces between the options and the numbers. Options may be
given in any order.
If Virus_Checker is already running, and you invoke it again from the
command line, you will be asked if you want to kill it. If you answer
yes, the already-running copy will be removed from memory, and you will
have no Virus_Checker running. This will work not if you RUN Virus_Checker,
as you have you be able to answer it's question.
THE WORKBENCH STARTUP:
SPECIAL NOTE:
If Virus_Checker is not run from Workbench it will look for the file
S:VIRUS_CHECKER.INFO This is just a standard workbench info file and can
be used as described in the next section. This is to allow 1.3 users who
run VC from their startup-sequence to config VC easily. It will work for
2.0 users as well. I have done it this way because it is too hard to find
where a program ran from under 1.3. This way I only have to look for 1 file
in one directory.
To use it add the stuff you want under Workbench and save it. Then copy the
Virus_Checker.info file to the S: directory.
Support for the icon stuff has now been put in. These will override the
default settings and also the settings in the S:Virus_Checker.config file.
It will only affect those things that are given in the ICON. The rest will
be left as default or as the config file sets them.
The things that you can put in via the Information menu on Workbench are as
follows. These will be used if VC is started by Workbench
HOTKEY is only used by WB2.0
HOTKEY=string /* HOTKEY=lcommand shift del */
LEFT=num /* LEFT=150 */
TOP=num /* TOP=25 */
WINDOW=ON/OFF /* WINDOW=ON or WINDOW=OFF */
RESIDENT=ON/OFF /* RESIDENT=ON or RESIDENT=OFF */
IGNOREBBERROR=ON/OFF /* Ignore BootBlock Read Error */
/* use IGNOREBBERROR=OFF to turn requester off */
WATCHSS=ON/OFF /* WATCHSS=ON or WATCHSS=OFF */
DF0=ON/OFF /* DF0=ON or DF0=OFF */
|
V ;If Off VC will not check BootBlock or startup-sequence
DF3=ON/OFF
FULLCHECKDF0=ON/OFF /* FULLCHECKDF0=ON or FULLCHECKDF0=OFF */
|
V ;If ON VC will scan all files on the inserted disk.
FULLCHECKDF3=ON/OFF
IN ALL CASES DO NOT USE THE QUOTE MARKS " or ' in any place. VC can see the
spaces between strings without them.
THE AREXX INTERFACE:
VC has an ARexx port, which means you can send VC commands using the
REXX language, available from your Amiga dealer, or as part of the 2.0
Operating System. The port name is "Virus_Checker". Be aware that
case is important and ARexx will not find it if the name is not spelled
right. Here is an example ARexx program that talks to VC:
/* ARexx programs must start with a comment */
address 'Virus_Checker' /* Talk to Virus_Checker */
'checkdrive\df0:' /* Make virus_Checker check df0: */
/* for viruses */
'scanforsaddam\df0:' /* Make VC check df0: for Saddam */
/* virus damage */
'quit' /* Make Virus_Checker shut down. */
'drive\df1: off' /* Turn off df1: from being scanned */
Notice the '\' between the command and the drive name in the middle
examples. This must be put between all commands and their options. 'quit'
does not take an option so does not need the '\' character there.
Virus_Checker will take the following commands:
checkdrive\drivename Check drive 'drivename' for file viruses.
scanforsaddam\drivename Check drive (DF0:-DF3) for Saddam damage.
quit Make Virus_Checker shut down.
saveconfig Save the s:Virus_Checker.file file
window\option Open or Close window (Option = on or off)
drive\df?: option Turn on/off Drive scan (Option = on or off)
resident\option Turn on/off Resident flag "" "" ""
checkfile\device:dir/filename
checkbootblock\df?: Check the Bootblock in df? for viruses
Special note for 'checkfile' command.
This one turns off any requesters while doing it's work. If the command
OPTIONS RESULTS is used it will return RESULT if no virus found or if a
virus is found then the string VIRUSNAME Virus was/is present in the file.
This does not mean the virus is gone as there may have been errors trying
to remove the virus.
This is really for BBS users who want to check files as they come in.
You could write an arexx script to search files and log any that come up
with viruses. Later after findong which ones where infected you would run
VC over them again via the main menu thus making sure they where clear.
CheckBootBlock command
This one also needs the options results and returns messages.
If the disk is clear or you give it a number outside the range of df0: to
df3: it will return 'Okay', if VC had trouble reading the disk the message
returned is 'ERROR reading BOOTBLOCK', if the bootblock is Not the normal
one then 'NON-STANDARD BOOT CODE' is returned. If the Bootblock is
infected then the virus name will be returned. At present there is no way
to clear the virus from Arexx but I am working on it. Requesters are
disabled while this is done.
VIRUS_CHECKER OPERATION:
Upon running Virus_Checker, it will first check your memory for
viruses and tell you if any were detected. They will either be
removed or disabled. Next all disks in the floppy drives will be
checked. Any disk put in any drive (df0: to df3:) will be checked.
If Virus_Checker finds and disables the LAMER virus in memory, the
machine may guru. Once the machine is reset, however, the virus
should be gone.
THE 2.0 USER INTERFACE:
Many Thanks goes to Steve Tibbett for designing and most of the C code for
this section. All I did was translate it into assembly and intergrate it
into Virus_Checker.
This section describes the user interface that Virus_Checker uses
when Kickstart 2.0 is detected in your computer. This section does
not apply for users with Kickstart 1.3.
Kickstart 1.3 users can see the special note for using the Config file
below.
Virus_Checker can be used either with a window open, or with no window
open. When used with the window closed, Virus_Checker will only show
itself when it has something to tell you about. If you insert a disk
containing a virus, Virus_Checker will pop up a requester telling you
about it, and give you some options to deal with it.
The normal Virus_Checker user interface can present itself in two
forms. One is the 'TitleBar Window', where only the close gadget,
the depth gadget, the Zoom gadget, and the program name are visible.
If you click the Zoom gadget, Virus_Checker's window will change into
a window occupying nearly half a normal 640x200 Workbench screen.
This window is broken up into three sections: The Preferences
section, the Files section, and the Drives seection.
In the Preferences section, you can tell Virus_Checker whether it
should open a window or not, whether the window should be a Backdrop
window, and whether Virus_Checker should quit immediately when run,
or whether it should stay resident. You can also set the window
position, and the hotkey that will call Virus_Checker when you want
to open it's window or pop it to the front. (The hotkey format is
described in the AmigaDOS 2.0 manual, in the section on the
commodities exchange).
THE DEFAULT HOTKEY is Left-Amiga Shift del
The Files section is where you list the drives or directories that
Virus_Checker will check when you click the Check button. If you
'Add' DF0: and DF1: to the list, then choose Check, then
Virus_Checker will check all the files on both DF0: and DF1: for file
viruses.
The Drives section lets you specify which of your floppy disk drives
will automatically be checked for bootblock and file viruses when you
insert a disk. If you have a program like CrossDOS and you don't want
Virus_Checker looking at the msdos disks then simply disable it and
Virus_Checker will never look at that drive again. Unless you enable it
again.
The Second row of Drive gadgets turn on and off the automatic scanning of
the entire disk. These are disabled by default. If you turn them on, then
Virus_Checker will scan the entire disk every time you insert one.
Checking for file viruses takes some time, so you may not want this on for
a drive that you are constantly moving disks in and out of.
The state of these gadgets is also saved in the Config file.
Any of the Gadgets that have text with an UnderScore beneath then can be
accessed by simply pressing the that key on the keyboard.
For example. If you wished to change the Hotkey you will notice that the H
in HotKey is Underlined. This means simply by pressing the 'h' key that
gadget will become active.
The options that you set in the user interface can be saved to disk
using the Save button. The options are saved to the file
"S:Virus_Checker.Config", and are read from there whenever the
program is loaded.
SPECIAL NOTE FOR 1.3 USERS:
There is no way at present to set the configuration via the window under
1.3. You can still save the Configure file and alter it via a binary file
editor such as NewZap. Here is the format of the file.
Bytes 0 - 3 VC header ID. This must be the characters VCID.
Bytes 4 - 5 Window X position as a Binary number
Bytes 6 - 7 Window Y position as a Binary number
Byte 8 Use Window 0 = no window, 1 = open window
Byte 9 Window Backdrop 0 = Normal window, 1 = Backdrop window
Byte 10 Stay Resident 0 = Check Mem,disks, then exit. 1 = normal Use
Byte 11 CheckDrives This is a bitmap of drives to check for BB
1 = check drive 0
2 = check drive 1
4 = check drive 2
8 = check drive 3
Byte 12 CheckDrives2 This is a bitmap for checking the entire
disk when inserted
1 = check drive 0
2 = check drive 1
4 = check drive 2
8 = check drive 3
When using the 2 above add togeather the numbers to create
the value that goes in. For example if you want drives
0,2 and 3 checked but 1 left alone the number would be
1 + 4 + 8 = 13. Put this number in the byte 11.
Byte 13 Interface open (Only of use for WB2.0)
Byte 14 - 77 HotKey name (Only of use for WB2.0)
Byte 78 - ?? Names of drives to check (Only of use for WB2.0)
KEYSTROKES:
The Following keys will activate the following functions, when typed
into the Virus_Checker window:
s - Will activate the Scan mode
m - Will immediately do a complete memory scan (same as startup)
f - Will activate the Saddam Disk Scan (used to fix Saddam virus damage)
0 - 3 Will check the First File in startup-sequence and bootblock on disk
in drive which matches number
There are also some options on the menu (hold the right mouse button
to get to the menus) which have keyboard-equivalent shortcuts. These
are next to the inverse A on the menu.
LINK/FILE VIRUS CHECK:
If you want to check a disk for Link/File viruses then put the disk in
any drive. Make sure the Virus_Checker window is active and use the right
mouse button to bring up the Project Menu. Select the "Link/File Scan"
and release the mouse button. An alternative way is to just press
the 's' key on the keyboard.
This will bring up a requester asking you which drive to check. Enter
the drive name in the box, eg. DF0:, DH1:,RAD: etc. Under WB2.0 you
can also use the "Use Requester" option. It will then check all the
files on that drive. You can also enter directories if you want to
eg, c: df0:c, df0:libs etc.
When Virus_Checker is scanning the disk and you know that a directory
is clear and don't want to check it press control-d in the window
with the filenames and Virus_Checker will ignore that directory and
go back up one level.
If you want to stop the check completely press control-c in the
window with the filenames and Virus_Checker will print a break
message then stop scanning the disk and go back to normal scanning.
If Virus_Checker brings a requester up that says a program just run
has infected your memory with the Xeno Virus, it has already disabled
it. You should immediately check all files on the disks that are in
the drives at that time. This means that a program that you just ran
or a program some other program just ran is infected with the virus
and all files should be checked to find out which one it was.
With viruses which use a RomTag I have decided to clear out all
RomTags to make sure I remove the Viruses from the list. In doing
this you will lose things like Recoverable ram disks such as RAD:,
VD0: etc. If you have a virus make sure that you save anything in the
ram disks that you want before rebooting. The ramdisks and others
will disappear on a reboot. My policy is better safe than sorry.
BRAINFILE ADDITION:
When VC finds a Non-Standard bootblock it will bring up 4 gadgets.
One of these gadgets is Learn. Pressing this will allow VC to
remember this BootBlock and not bother you again with it. To do this
VC writes a file called VCBrainFile to the S: directory. If you have
a single drive this will invoke a requester asking that Volume
something be put in the drive. This will then save to the file. On
Startup VC will check for the file in the S: directory and read it if
it is there. If not it will carry on without it. If you get an error
then VC will tell you about it and will happily write over the file
next time.
NON-STANDARD BOOT CODE:
When Virus_Checker brings up a Requester that says the disk has
non-standard boot code, this means that the code in the boot block is
not what should be there. This does not mean that it is a virus as
many games use copy protection in their boot blocks, and there are many
bootblocks that do interesting things, that are not viruses. You
should however be cautious if it is not a game. Do not replace the
boot block if you are not sure. If something strange happens then
please send a copy of the disk to me so that I can check it out. To
determine if an unknown bootblock is likely a virus:
1. Format a blank disk so you know it is clear.
2. Make sure all disks except the one just formatted are write protected.
3. Boot from the disk that you suspect.
4. Place formatted disk in drive zero and then reboot.
5. Take disk out of drive zero and turn off computer for about 30 secs.
6. Run the Virus_Checker program. If the Virus_Checker finds
non-standard boot code on the newly formatted disk, you have found a
new virus. Please send it to me.
VIRUSES VIRUS_CHECKER DEALS WITH:
Virus_Checker deals with many bootblock viruses, some of which are not
listed here. The ones that are listed here describe all the types of
bootblock viruses, so listing all the rest of them would be redundant.
SCA:
The SCA is the simplest virus to deal with, as it's not actually
DOING anything except hiding in memory, until you reboot. We just
look at CoolCapture and fix it to get it out of RAM.
AEK:
This is a clone of the SCA virus and we get rid of it in the same
manner.
LSD:
Another SCA clone and uses the same code.
BYTE BANDIT:
The Byte Bandit virus takes the DoIO() vector and re-directs it
through itself. Thus, any attempt to read or write the boot block
(ie, AmigaDOS trying to figure out what kind of disk it is) results
in the BB writing itself onto that disk. We couldn't just rewrite
the boot block, we have to get him out of RAM first. This virus also
has an interrupt that crashes the machine every 5 minutes or so after
it's infected a few of your disks. Ow. It stays in memory not via the
Capture vectors, but by a Resident module. When machine looks crashed
press these keys at the same time from left to right LAlt, LAmiga,
Space, RAmiga, RAlt. This will restore things for another 5 minutes.
REVENGE:
Basically, a Byte Bandit clone except it will bring up an obscene
pointer a few minutes after you reboot. We treat it much like the
byte bandit.
BYTE WARRIOR
Jumps right into 1.2 Kickstart. Won't work under 1.3. Hangs around
via Resident struct, doesn't do any damage.
NORTH STAR/STARFIRE:
Like SCA, hangs around via CoolCapture, killing CoolCapture kills the
North Star.
OBELISK SOFTWORKS CREW:
Hangs around via CoolCapture, also watches reads of DoIO() (but
doesn't infect EVERY disk - only ones you boot from).
IRQ:
This is the FIRST Non-Bootblock Virus. It copies itself from place
to place via the first executable program found in your
startup-sequence. It SetFunction's OldOpenLibrary(), has a
KickTagPtr, and lives in the first hunk of an infected program.
PENTAGON CIRCLE:
This one looks at the DoIO vector, and has a CoolCapture vector. It
will write itself over any virus inserted, but not onto anything
else. No danger, easy to eliminate. Holding left button while
booting with this one shows different screen colour, but doesn't get
rid of it.
HCS:
Hooks into the System Z protector. This is another virus
protector that can write itself to disks. Anything that spreads
itself, under any name, is a virus. Doesn't do anything except
during a reboot, then examines disks and writes over viruses.
DISK-DOKTORS:
This is another virus which looks at the DoIO routine for the reading
of any bootblocks. If it finds one it will rewrite a copy of its
code to it if it can. This one also patches into the Vertical Blank
interrupt and seems to format your disk after a certain number of
interrupts (can't be sure though).The nasty bit is it also creates a
task called clipboard.device which spends its life copying itself
through memory fragmenting the memory into small blocks. Calls ROM
CODE direct so won't work under V1.3. We restore the DoIO routine,
the Vert Blank interrupt and RemTask the clipboard.device.
LAMER EXTERMINATOR:
This virus was sent to me by Andrew Mercer of the Palmerston North
group. His letter said that He noticed strange things on his disks.
On disassembling the virus I found that most of it was encrypted and
the data was encrypted randomly using the beam position of the
screen. Thus it appears different each time. It patches the
trackdisk.device to look at reads and writes, It patches the Sumkick
vector in exec in case someone tries to get rid of it. When it
detects a read or a write it will randomly select a sector on the
disk and will check if it is a data block. If it is it will write
LAMER! all over the sector and rewrite it. Some say this Virus will
write to write protected disks. I have not had this happen to me and
I can see no special code in the disassembly to accomplish this feat.
TIMEBOMB:
This is a strange Virus. It does not insert itself into any vectors.
However it will copy itself back to the disk it came from. When the
count gets to 2 it will wipe out the Root Directory of the boot disk
and display an alert. If the count is over 2 it will just display an
alert.
GADAFFI:
Inserts itself into the CoolCapture vector, Uses a RomTag structure
and patches the DoIO vector. Jumps directly into the Kickstart so
will only work under V1.2 Kickstart. After 13 copies it will step the
heads of drives 0 and 1 in and out. We simply clear all vectors and
Use the old V1.2 DoIO code entry point.
BSG9:
This is similar to the IRQ virus in that it does not live in the Boot
Block. It operates differently. Inserts itself into the RomTag
pointer. It then loads the program it replaced and executes it. On
Reboot the RomTag is called. It patches the Intuition OpenWindow
Routine to its code. It then returns. Once AmigaDos opens up the
CLI window the virus code gets run. This gets the startup-sequence
file and gets the first command that is run. It then checks if it is
already here. If not, then it moves this program from its directory
into the devs: directory and renames it a strange name.It then
copies itself to replace the command it just moved. A give away is
the file size. The Virus size is 2608 bytes and there will be a file
with what looks like spaces for its name in the devs: directory. To
get rid of it we copy the file in devs: back to the c: directory and
rename it. Then delete the file in the devs: directory. In memory
all we do is change the RT_INIT code which is run on reboot to do an
immediate RTS. The memory for the program is still used but the Virus
is disabled. It will display a screen of its own which says:
A Computer Virus is a disease
Terrorism is a Transgression
Software Piracy is a crime
This is the Cure
BSG9 [plus some other junk]
WAR HAWK:
This Virus installs itself into the CoolCapture Vector. It
copies itself to the disk when the computer is warm booted. After
every four copies it displays a message. To get rid of it we simply
clear the CoolCapture vector.
VKILL (or AIDS):
This is another virus hidden as a Virus protector. When booted it
copies itself to the stack area that is not used. It then patches
the CoolCapture vector to survive a reboot. It patches the PutMsg
vector of ExecBase to watch for BootBlock reads and writes.When it
finds one it checks it and tells you if a virus is present.If you
want to get rid of it it will copy itself to the disk. To
remove it we Clear the CoolCapture Vector and SetFunction the
PutMsg vector
ULTRAFOX:
This one lives in the CoolCapture vector. When you reboot it will
change the DoIO vector and wait for a BootBlock read.When it finds
one and the disk is not already infected it will write itself to the
bootblock. After every 16 copies it will put a custom copper list
which displays greetings.
PVLPROTECTOR:
This one is another bootblock protector. When it finds a virus it
will write itself to the disk instead of a proper bootblock. All we
do is set the RomTag to do a RTS.
REVENGE LAMER EXTERMINATOR:
This is another file virus. It is supposed to speed up disk
operations by 800%. This was found on a BBS and when run patches
itself into several places. It will read the s:startup-sequence file
on reboot and will edit it so that it runs itself as the program. It
sticks out because the first line in the startup-sequence will be
blank. When the Checker finds it look in the Root directory and you
will find what looks like a blank filename. Virus Checker will rename
this virus for you. You can then delete the virus and alter your
startup-sequence to get rid of the first blank line
UNKNOWN:
This is a virus that has no names anywhere and will only work
under V1.2 Kickstart. Very easy to get rid of.
JITR:
Very mild sort of virus this one. Only writes itself to the
BootBlock. Does nothing else. Easily fixed by clearing the
CoolCapture vector.
MICROSYSTEMS:
Haven't got this one yet so can't tell you much about it.
Just have to restore a vector in the exec.library and clear the Exec
CoolCapture vector.
XENO:
This virus is a very nasty one in the way that it infects all
programs that can be run. It does not need the program to be run but
even someone doing a LIST or DIR on a disk when the virus is present
will infect all those other files on disk. It patches into the
dos.library and takes over the Open(), Lock() and LoadSeg()
calls in dos. This way it can intercept the files being looked at. It
will copy itself to the start of every runnable program and alter the
file so that it still works. There is also an encrypted message which
says 'Greetings from the Xeno Virus' but I have not worked out when
this appears yet. To get rid of it from memory we have to reset the
changed vectors. To get rid of it from the file is very much harder.
First the file has to have the virus removed from the code. Then the
relocation data pointers have to be changed so that everything still
works. When Virus_Checker finds a file infected with the Xeno Virus
it will tell you which file it is and bring up a requester. You can
now check the files on drive zero for further viruses if you want.
16 BIT CREW:
This virus does not do much and only infects disks that you
boot with. To get rid of it from memory we clear the CoolCapture
Vector and restore the DoIO vector.
NEW ALIEN BEAT:
This one will only work under Version 1.2 Kickstart as it jumps into
the ROM code directly. To fix in memory we have to manually patch the
DoIO vector and FindResident Vector with the correct values for 1.2.
and clear the Capture vectors.
BLACKFLASH:
This virus will display a message after a certain amount of
copies of it have been made. It says that your computer is sick and
has a virus. To remove it we just restore the DoIO vector and clear
out the capture vectors.
DIGITAL EMOTIONS:
This is another tame virus. Only infects disks when it is
rebooted. Clean out the Captures vectors and it is gone.
SCARFACE:
This takes over the BeginIO routine in the trackdisk.device
to watch for reads and writes to the disk. When it finds one it will
write itself to the disk. It also has a VertBlank interrupt which
will do something after a while. I think it only reboots the machine.
It also has a romtag which we have to clear out.
TURK:
Another simple virus. Does not do very much. Simple to get rid of.
JOSHUA:
Again, lives in the TrackDisk BeginIO and VertBlank Interrupt. Also
has a RomTag to survive reboots. This one will display a sprite after
so many interrupts. I am not sure what it looks like but maybe
someone wants to wait until it is triggered. It counts interrupts. It
will also infect every disk but in the drive that is not write
protected. Data in it that says something is encoded. To remove we
simply restore the BeginIO code and VertBlank Interrupt and wipe out
the RomTag.
BUTONIC:
This is another file type virus. It uses the DoIO vector to
check for reads to the Root Block of a disk. It will then write the
virus to the disk and add it to the startup-sequence as the first
instruction. The filename of the virus and its comment make it
invisible when doing a DIR but shows up with a LIST. This
will also bring up GURU messages and change the title of the active
window to some german stuff. To get rid of it we clear the ROMTAG,
restore the DoIO vector and delete the file off the disk. You will
need to remove the blank line from the startup-sequence where the
virus was. The second version of this infects the Level 2 Interrupt
as well and uses different file names to hide itself in the
Startup-Sequence.
CENTURIONS;
Another file type virus. It hooks into the Trackdisk BeginIO() vector
and waits for reads to the boot block of a disk. It changes the
SumKickData() vector so that it will survive a checksum. To
get rid of it in memory we simply kill the RomTag vector, restore the
SumKickData vector and patch the trackdisk code it uses to skip over
the virus. When it finds a read to the bootblock it will check the
write protect. It will then find the startup-sequence and find the
name of the first command. It then looks for the command in the root
directory, then the c directory. Once found it adds itself to the
front of the file and is run when the startup-sequence is run again.
Signs of infection are that it adds 3916 bytes to the size of the
file it infects. After every ten copies it will change the pointer to
a smiley face and a message will scroll across it.
CODERS NIGHTMARE:
A boot block virus. Fairly tame this one but it will wreck copy
protected disks. It takes over the DoIO vector waiting for reads to
track zero block 0 then it writes itself to the disk if it can. It
has a level 2 interrupt which after a time will display a message and
then reboot the machine. To remove we just reset the DoIO and Level 2
Interrupt vectors and clear out the RomTag.
FORPIB:
Another boot block virus. It takes over the Trackdisk BeginIO
vector and waits for reads to block 0. Then it copies itself if it
can. It also has a VertBlank Interrupt and after a certain time a
message will appear. (I think). There is a bug in this in that it
tries to use a color register but it has got the wrong value in
there. To remove just restore both vectors and remove the RomTag.
GX TEAM:
Yet another bootblock virus. This just takes over the DoIO vector and
after a certain number of copies it will bring up a requester then
guru. To remove replace the DoIO vector and clear RomTag and Capture
vectors. This virus will only work under version 1.2 kickstart.
GREMLINS:
Yes, another bootblock virus. Sickening isn't it. Don't know what
this one does but very easy to remove. Just zero the Capture vectors,
restore the SumKickData vector and DoIO vector and it's gone.
KAUKI:
This boot block virus will only work under Version 1.2 kickstart. As
I don't have it I can't tell you what is displayed but something is
displayed. Easy to get rid of. Just clear the Capture vector and set
the DoIO vector to $FC06DC just to make sure.
SADDAM virus
This is a file type file that hides itself as the Disk-Validator.
The disk on which it came was unvalidated so AmigaDOS loaded
it to try and validate the disk. This causes the virus to run and
infect your machine. It does infect a lot of vectors that need fixing
when it is found. I just wipe it off the disk and it is left to the
user to put a new Disk-Validator on the disk.
It will change the root block BitMap pointer so that if the virus is
not running AmigaDOS will think the disk is UnValidated and load the
virus. It will also change DATA blocks so DOS does not know them
unless the virus is running. When the virus is triggered it will wipe
out the whole disk and bring up a Requester telling you it is the
SADDAM virus.
CCCP:
This a combination Bootblock and file virus. It changes itself so
that it will write to the BootBlock and to random files on the disk.
The only way to find it on disk is to scan the whole disk.
DISASTER MASTER 2:
This is a fairly simple File type virus. It will write to a disk
after a warm boot and if there is enough room on the disk will make a
file called cls in the C: directory and add cls * as the first line
in the startup-sequence. We just clear the RomTag and
Capture vectors, check the DoIO vector and that's it for memory. Just
wipe the file off the disk and warn the User about the
startup-sequence.
HAWNES:
A simple file type virus. It infects the OpenLibrary()
vector waiting for an opening of intuition.library. It then patches
OpenWindow() to it's own routine. When a window opens it checks the
startup-sequence and if not already present, copies itself to
the disk using DOS. It patched the VertB int and will display
something after a while. It will Wipe out a disk after so
many copies as well. Simple to remove and alter the first
line in your startup-sequence which will hold in hex $C0A0E0A0C0.
RETURN OF THE LAMER:
Another file type virus which replaces the Disk-Validator.
It uses a RomTag to stay in memory, infects vectors, VertBlank Int,
trackdisk.device BeginIO(), and another vector in the
trackdisk. When the RomTag is called it infects the OpenWindow()
vector. Just delete the Disk-Validator and replace it from a
good disk. In memory, just restore the vectors and clear the
RomTag out.
TRAVELLING JACK:
A Link type virus this one installs itself into the internals of
AmigaDOS taking over the BCPL inner workings. To check in memory we
have to wind our way thru many vectors and then reinstall the
original from the virus. To remove from file we just remove the first
code hunk. Seems to copy itself to each file that has been read but
not sure on this.
LIBERATOR:
This is a file virus that says it will remove all viruses but is in
fact a virus itself. It copies itself to the s/startup-sequence with
a line that says 'memcheck s'. You will also find a file
called .FastDir on the disk. After a certain count it will
delete the entire s/startup-sequence and display a message,
and stop access to the floppy drives and DH0:. It will also
stop most virus checking programs by RemTask()ing them.
Virus_Checker 5.30 and above is safe from the current version as
the Task name has been changed. Easy to remove, we just
delete the file.
MENEM'S REVENGE:
This is a Link virus. It starts a Task called a single space. This
task sole job is to Patch the LoadSeg vector in DOS. It thus
infects programs that are run. It is triggered thru the Amiga's
time and will write it's message to files on dh0: and/or df0:
The message it writes and then displays as an Alert is
Menem's Revenge has arrived
Argentina still alive
All VC does is Remove the Task and reset the LoadSeg vector.
It will be removed from files as they are scanned.
It adds 3076 bytes to each file it infects.
There are some problems with this virus. It does not know Amiga
Files very well and will sometimes get it wrong. VC will remove the
virus okay but the program may still not work due to this.
Also when the virus is removed from memory the computer may lock-up
or GURU after a while. This may be due to memory not being freed
properly when the task is removed.
TRABBI:
Harmless link virus. Will try to link itself into all files it can
get at. Uses the drive it was started from. Creates a Task that
will play a tone/music and put up a requester after a delay.
METAMORPHOSIS:
This one is a combination Link/BootBlock virus. It will pick random
files in the c: directory to infect when every the OldOpenLibrary()
call is made. It also infects the DoIO() vector and this will write
the bootblock part of the virus.
************************************************************************
Virus_Checker Version Notes
************************************************************************
1.0 Was an arp.library version.
1.1 Was an port to the normal libraries.
1.2 Had the ByteBandit virus detection added into it.
1.3 Had detection of the 3 Viruses in memory and removal of them.
1.4 Added code to detect + remove the Byte Warrior Virus from memory
and disk.
1.41 Found a slight bug when using DSM to disassemble this.
The program was testing low memory instead of a value when
checking for the Revenge Virus.
1.42 Changed code to be assembled by the CAPE 68K assembler.
which is much faster than A68k or Assem. Now also uses base register
addressing mode for data access.
1.43 Changed code to cut down executable code.
2.0 Added Pentagon, System Z, North Star, Obelisk and the
new IRQ virus which lives in files and not in the Boot Block.
2.1 Corrected a few little bugs in program.
3.0 Did a listing of Source code and found many bugs.
Did a major rewrite to clean it up and saved about 400 bytes.
3.0 Now checks for these viruses -
SCA, AEK, Byte Bandit, Byte Warrior, Revenge, Pentagon Circle
System Z, North Star, Obelisk, Disk-Doktors and the latest IBM
type virus the IRQ virus.
3.01 Got a new virus, Lamer Exterminator. Added code to get rid of it.
3.02 Got a second version of the Lamer Exterminator virus.
3.03 After many requests decided to add checking of BootGirl
BootBlocks which were being registered as Non-Standard. It now
just ignores BootGirl BootBlocks.
4.00 Updated to make better use of the Stack. Now store all variables
on the stack for a saving of 124 bytes in the executable.
4.10 TimeBomb virus added to code.
4.20 Altered startup code to start a separate process to avoid doing
a RunBack -2 Virus_Checker.
4.22 Added Gadaffi virus to checker.
4.23 Found a potentially Fatal Error in Code when accessing Unit
Byte off the Stack.
4.24 Added Graffiti, Ultra Fox, and Phantasmumble Viruses.
Don't actually have these last 3 viruses so anyone please send them
to me if you find them. Still looking for the IRQ Virus as well.
4.25 Added BSG9 virus to code.
4.26 Changed Error Checking on BSG9 virus a bit.
4.27 Got the War Hawks virus and added it. Also added V3 of Lamer
Exterminator virus. Changed checking for BSG9 virus. Now checks
when disk is inserted into drive.
4.28 Found I was losing the memory that was used by the program when
it exited. This was caused by me not UnLoading the Segment used for
the program. Fixed.
4.29 Found program got into a continuous loop when there where no RomTags
present in the system. Fixed.
Also cut code size down a bit more by combining a few checks.
4.30 Put further checking in for the BSG9 virus as sometimes the checker
would not find the file on the disk depending on which directory
it was in. Put VKill virus checking in.
Also Ultra Fox and PVLProtector virus checking added.
4.40 Put in DosSpeed virus and an Unknown virus.It does not have any names
at all.
4.41 Stopped Requester that comes up after pulling disk out.
4.42 Added JITR virus which was sent to me by Jonathan Potter (AUST).
4.43 Added MicroSystems virus checking to code and BootBlock checking of
the HCS II, Opapa, BackFlash, and Australian Parasite viruses.
4.44 Changed code around a bit to get better use of tables and added
Xeno virus check for Memory only.
5.00 Changed user interface to give a new look and better messages.
5.01 Major Bug repaired. V5.00 GURU'ed when checking disk. Worked with
68020 CPU but failed on standard Amigas due to a bad address.
5.02 Was not checking startup-sequence properly when disk was put in
3 1/2" drive when a filename was given as C:SetCPU or something like
that. Came up with a strange filename not being checked. Fixed.
Added second version of Byte Bandit Virus, Someone hacked it.
Added code to remove Xeno virus from files.
5.03 Slight bug corrected in code.
5.04 Have changed this from PD to Freely Redistributable after an offer
from someone to sell Virus_Checker. I feel this still needs to be
at minimal (copying charge) or no charge to be effective.
Also cleaned up the code a bit. This may introduce new bugs so
please tell me about them if you find them
Added checking of IRQ virus when checking for Xeno files on disk.
As the file is in the buffer already this adds very little extra
time to the check. And better safe than sorry.
5.05 Changed text when Xeno Virus found after a program has been run
to warn that the program just run may be the culprit.
5.06 Added 16 Bit crew Virus, New Alien Beat Virus, Digital Emotions
virus, Graffiti Virus, two new versions of the Byte Bandit virus,
ScarFace virus, Turk virus, Joshua virus.
Also a little bug when used with NTSC machines. You could not display
the Boot Block Sectors. Now Startup alters for which machine it is
on. The Startup code is only used once and then the memory for it
is freed.
5.07 Added better Error messages when an error occurs with files.
It will now say File protected from deletion when the file is
protected instead of just saying could not open file.
Added Butonic virus to checker.
5.08 Added Centurions virus to checker.
5.09 Got Aids virus but this is a mutant VKill virus and is found already.
Added Coders nightmare virus to checker.
Added Forpib, GX Team, Gremlins, and Kauki Virus.
Added Centurions and Butonic virus check when scanning disk.
5.10 Finally got IRQ virus and corrected a few bugs in its code.
Added Target, Clist, Abraham, and FAST virus. This FAST virus is
supposed to be from the Federation Against Software Theft. If it is,
then they are just as big arseholes as the pirates themselves.
Added Tick virus.
Added control-c, control-d to multiscan pass so as to stop the scan
if you got the wrong directory or drive.
5.11 Slight bug in removing BSG9 virus if virus not in devs: directory.
Also was picking up some game files as Butonic virus.
5.12 Virus_Checker was finding WB2.0 reboot code as the HCS II virus.
This code may not be in the final release but it is at the moment.
Also SetPatch code moved a bit. Seems to be the same but different.
5.13 Added a Brain File so that you can remember the BootBlocks that
You want to. Games etc.
No new viruses added.
5.14 Added a feature to allow checking for link viruses on startup
eg. virus_checker dh0: will check dh0: before carrying on as usual.
5.15 Slight bug found with brain file.
5.16 ULDV8 virus added. Uses VertB int and RomTag. Very Tame virus.
Also fixed up bugs when using Enforcer. Showed up some reads to
non-existent memory.
5.17 Added OP1 virus. Seemed to confuse VC into think it had a standard
Boot block unless write protected.
5.18 Had to add extra checking for IRQ virus as it found a program that
matched IRQ and VC crashed trying to remove the IRQ virus which
wasn't there.
5.19 Added a much asked for feature so that you can tell VC where to put
its window.
5.20 Added a width parameter as well. Also added 1 new virus called the
SADDAM virus. This virus lives as the Disk-Validator and can infect
an Amiga simply by putting a disk in the drive.
5.21 Added the CCCP virus to the checker.
5.22 Added another version of the Joshua virus. Also fixed bug that occurred
when checking for file viruses and a name was in the File Header.
Added -q option to make VC check and then quit.
5.23 Added ARexx port to Checker. Will Take commands via Arexx. See info
above.
Added Disaster Master Virus 2, another file type virus.
5.24 Added checking memory for Australian Parasite virus, added BootBlock
viruses:- BlowJob ,Butonic-Bahan, Byte Voyager I, Byte Voyager II,
Destructor, DiskGuard, Fast1, ByteWarrior FastLoader (not really a
virus), FICA, Mad II, Hilly, Changed OP1 virus to real name (Joshua),
Changed Tick virus to real name (Julie), Another version of Lamer
Exterminator, MegaMaster, Paradox, Saddam Hussein (Paradox copy),
Termigator, SuperBoy, UltraFox, Vermin viruses.
Another version of the BSG9 file virus was found so I changed the
checking to find both versions.
Added second version of Butonics File virus, added Hawnes file virus.
Added another version of the BSG9 virus and Return Lamer File virus.
Did a big rewrite of the checking for file viruses. Now reads file
once and scans a table of data. Will do the same with Link viruses
later.
5.25 VC was finding BootMenu as the Destructor virus. Changed scanning of
startup-sequence so disks with the cmd sys:c/command would have the
sys: stripped off them. VC could not find these before.
Fixed bug which sometimes screwed the virus name reported in the
requester. 1 BB virus added.
Changed name of DOSSPEED virus to its real name. Revenge Lamer Ext.
5.26 Fixed bug that was shown when disk in df1: had a startup-sequence
entry that said df0:filename. Tried to access df0: when no disk in
drive.
Added Turk Virus file carrier. This was a file that carried to Boot
Block virus Turk.
Added a logic bomb file virus. This would wipe out a floppy after the
the file had been run so many times.
Added about 10 new BootBlock viruses.
5.30 Fixed bug that showed up as DF0:2has... and no learn gadget on display.
Added -n option to make VC window 1x1 pixel/backdrop effectively no
window.
Also added keys to VC. Press 's' key to start Disk Scan (same as right
mouse button), 'm' to do a memory check.
Added a Lamer TimeBomb Virus, EMWurm logic bomb, and another version
of the Travelling Jack virus.
FixSaddam code added to Checker instead of a seperate program
5.31 Small problem with startup from Workbench corrected.
5.32 Fixes a major bug in the FixSaddam code. It Guru'ed under 68000
sometimes and never fixed the Checksums properly.
5.33 Released 6 November 1991.
WB2.0 BootBlock added to code.
True no window option added for those users of WB2.0.
Added liberator virus and fixed slight bug with Saddam virus,did not
reset TD BeginIo Close vectors.
5.34 Increased stack size to 4000 bytes as it was crashing when used with
PowerPacker Patcher.
Added Hackers Ethic BB virus
Little problem with the CTRL-C and CTRL-D when used in FixSaddam mode
5.35 Released 21 November 1991
Added support for the asl.library FileRequester when running under WB2
When you select scan disk you can now select Use Requester gadget and
this will bring up the asl FileRequester
5.36 Released 23 November 1991
Added better handling of Proportional fonts. Requesters look much
better now
5.37 Released 22 December 1991
When scanning the disk for Saddam virus damage and the disk is
unvalidated, VC will change the disk so that it looks validated.
VC will not validate the disk but will make AmigaDOS think it is.
VC will warn you when it does this so you can check the disk with a
program such as FixDisk, Quarterbacktools or (God help me) DiskDoctor.
Small bug in ARexx interface. If you used OPTIONS RESULTS then VC
did not recognize the command.
Added WB2.0 ExAll() code for Link/File scan. This fixes the bug with
RAM: and deleting files while scanning. Only works with WB2.
Using WB2 and ExAll() is alot faster than WB1.3. A test on my DH0:
showed WB1.3 took 1 minute 28 seconds while WB2 took 1 minute. This
was on 531 files in about 12 directories.
Found furthur bug in Requester with Fonts in WB2.04. Window opens up
with normal default font and not what was set. Now do a SetFont() so
I know what I am getting. Real big fonts eg 24 point still seem to
muck up placement of the gadgets but at least it stills readable.
Added menus to VC window. This means right mouse button for Disk Scan
will no longer work.
Bug found in shutdown code. If you pressed the right mouse button
after clicking on the close gadget then VC would GURU.
5.38 Released 15 January 1992
Started adding options screen to VC under WB2.0
Configure file is added as S:VCConfig. Set using options screen under
WB2 but under 1.3 you will have to edit by using a binary file editor
or the AREXX commands.
Added Exec DoIO and Trackdisk.device beginio to vector scan. If these
change VC will warn you.
Small bug, when you removed disk while scanning it. WB2 would recover
but 1.3 started putting out rubbish.
Added 2 versions of Byte Parasite File Virus, another Lamer Trojen,
Freedom file virus,
Added BootBlock viruses, Dotty, another Mad version, Fast Eddie,
French - Kiss, NastyNasty, TriSector, Taipan, Many other new BootBlock
viruses but these are all just mutants of other viruses (Messages changed)
5.39 Released 19 January 1992
Small bug with WB2.0 screens and Requester. If you shanghai'ed a
screen VC put the requester on the right screen but still poped the
Workbench screen to the front.
VC now uses less CPU time but still scans memory every 2-4 seconds.
Bug in Workbench startup code. Guru'ed every time. That is why this
release exists
5.40 Released 22 January 1992
Bug in code to shut down an already running Virus_Checker. Ignored
the kill message totally. Also Bug in Wb2.0 interface when doing a
Virus_Checker -u and then clicking on the USE gadget.
6.00 Released 3 February 1992
New Workbench 2.0 interface added and hotkey support put in.
VC now supports the -l and -t commands again. Don't know why they
stopped working actually.
Bug With Screen title. When used with 2.0 Workbench and no shell,
screen flashed allsorts of colors. Have removed the Screen Title from
VC. Will do it a different way later on.
Bug in checking of BootBlocks. Was not getting error properly from BB
read. Thus if an error occured VC would use the Data from the last BB.
Hopefully this problem is now gone.
6.01 Released 24 February 1992
Added second row of drive gadgets to Interface Window. These will
check all files automatically when disk is inserted.
Changed way I disabled the gadgets when VC is busy with scanning. Now
uses a Request() to disable them.
Bug in VC Requester when it can't remove a link virus due to problems
with the file. The Requester it put up could not be read as it was all
squashed up.
Added Intuition EasyRequester when under WB2.0 and just a normal
requester needed.
Small bug in checking files for link viruses. If file was corrupted in
a certain way VC got into a loop it could not get out off. Have put in
bounds checking to stop it reading outside it's buffer.
It seems the StayResident bit did not work. Have it fixed now.
Added Icon support. You can now configure VC via the icon if started
from Workbench and CLI. (see THE WORKBENCH STARTUP:)
Finally found the trouble with the backdrop option. When used under
WB2.0 the window will get hidden under the screens title bar.
Found the trouble with VC not letting computer change Font or
screenmode and fixed it.
Added -i option to cmd line so that VC won't put up a requester saying
it could not read the bootblock if there was an error.
Added CHECKFILE to arexx side for BBS use. This will take a file,
check and remove any viruses found. It will then return a result to
the calling program saying file was infected.
6.02 Bogus version around so I skipped this one
6.03 Released 30 March 1992
Forgot to free up the VisualInfo when VC opened it's window.
Didn't seem to make much difference. Maybe lost a few bytes of memory
Gave up on using Exit() to end Process after warnings in new AmigaDOS
manual.
Small bug in WarmCapture checking code. If you canceled the requester
VC just kept asking you if you wanted to clear it.
New version of Macro68 with it's new Optimization saved about 500
bytes of Memory. Also Sped up code quite a bit.
Added a new window that comes up during file scan. If any Viruses are
found then the window will wait for you to click on a gadget to continue
Added a new feature. Under WB2 you can VC to watch the s:startup-sequence
for any changes. VC will warn you when this happens.
Redefined default hotkey as Left-Amiga Shift Del as the previous one
clashed with CygnusEd Write function.
FileName buffer was a bit too small. Some people must have really long
directory/filenames.
6.04 Released 8 April 1992
Added Menem's Revenge Virus. Sent to me from the US it was spreading
fast so I thought I had better get this out.
See virus notes on what it does and some bugs.
6.05 Released 12 May 1992
As WB2.0 will not allow Virus_Checker to read a file that is read
protected I have put in some error checking. When doing a directory
scan VC will warn you if the file is Read-Protected.
Small mistake in the WATCHSS from the workbench Start. Would not work
due to a spelling mistake on my part
Added CheckBootBlock\dfx: command to ARexx interface to check
Bootblocks from scripts.
Received Hacked version of Saddam Virus. Someone changed IRAK to LAME
in code. Small change to VC to change these blocks back to normal
Added Trabbi virus. Harmless link virus.
Small bug in Disk Scan code when scanning single file. Called
AllocMem() with a zero size.
Added another version of SCA virus. This one just puts up a screen, no
copying to other disks
Added Bootblock viruses Triplex, Virus_V1_(Wieder_da), another version
of Northstar, Sachsen, GeneStealer, Exterminator, and MG.
Added Metamorphosis virus, this one is a link/BB virus
************************************************************************
