Berserker.doc, from Taifun 143 (1990-08-15)(Ossowski, Stefan)(DE)(PD).adf (Amiga Collections: Taifun) | Text File | 1990-07-19 | 13KB | 301 lines
**************************************************************************
*
* B E R S E R K E R IV.a
* -----------------------
*
* © Copyright 1988, 1989, 1990 by Ralf Thanner
*
* This code is entirely written in assembler for the Kuma Seka assembler
*
* Executable program and source code are both in the PUBLIC-DOMAIN!
*
* A small copy fee for Berserker is okay, but anything which looks like
* commercial redistribution is forbidden (remember that!).
*
**************************************************************************
*
* REVISION HISTORY:
* =================
*
* R V1.0 - Just a primitive SCA finder and killer.
*
* R V1.c - Added Byte Bandit & Byte Warrior killer.
* - Improved SCA & SCA mutants killer routine.
* -> OBELISK, AEK, LSD, PENTAGON, BAMIGA SECTOR ONE,
* WARHAWK, MICROMASTER & NORTHSTAR...
*
* R V2.b - Now also finds the Exterminator (LAMER).
*
* R V2.d - Now finds the first link virus (IRQ TEAM 41).
*
* V2.e - Added alert box. Idea by Olaf Barthel.
* - Some cleanups and bug-fixes done.
*
* R V2.e+ - Doesn't refuse to work with Kick 1.3 any more.
* - Added custom bootblock writer.
* - Added kill cold-cool vectors;
* There are just too many SCA clones on the market
* and it is safer to clear these pointers
*
* R V3.0 - Now also finds the BSG 9 link virus.
* - Second (and final?) code cleanup for public
* release (YEAH!!!).
* - Removed the custom bootblock writer, too many guys
* thought Berserker to be some kind of virus in
* disguise.
*
* R V3.0+ - Extended to find Gaddafi and Disk-Doctor viruses.
*
* V3.1 - Extended to find the REVENGE BOOTLOADER virus.
* -> THIS IS A NEW ONE!!!
* - Bug-fix in EXTERMINATOR routine done.
* -> should now find ALL lamer versions....
* - Code cleanup (added some sub-routines).
*
* V3.2 - Extended to find REVENGE (is an old one, but some
* nice guys told me, that berserker should also find
* the old ones....and because BERSERKER crashed when
* memory was infiltrated by REVENGE )
*
* V3.2b - Shortening, speeding up & cleaning the code
* ( and berserker still works.... )
*
* R V3.39c+ - JOKE....
*
* V3.5 - Added Xeno 'killer' routine by STEVE TIBBETT.
*
* V4.0 - Added a more user-friendly Cli-Interface and the
* possibility to start BERSERKER from workbench.
*
* R V4.0a - WHAAA, what a pity: forgot to reply message..
* Bug now fixed... Thanks to Olaf for this hint.
* - Shortened and improved code again.
*
* R = released version
*
**************************************************************************
WHAT DOES BERSERKER IV DO?
==========================
Berserker is a viruskiller which was designed as a CLI-command. It works
with Kick 1.2, Kick 1.3, 512K and expansion RAM.
Because of the big number of link viruses on the Amiga, I recommend
inserting the Berserker call as the third command in your startup-sequence.
You can start BERSERKER IV either from CLI or from Workbench.
WORKBENCH:
----------
Berserker opens a window and waits for your choice.
You can choose between:
    '?' - short instructions.
    'C' - for checking your memory.
    'Q' - for quitting.
CLI:
----
Berserker offers you only one single option:
'berserker ?' - longer instructions.
If you start BERSERKER IV without any command it will start searching
through memory in order to kill these little bastards.
If Berserker finds a virus a Recoverable Alert appears, just click a
mousebutton to continue (this was added due to the possibility that the
Berserker banner message might have been redirected, the chance to know
about a virus in the system won't be wasted this way).
WHICH VIRUSES DOES BERSERKER KNOW?
==================================
1. SCA and all its mutant brothers and sisters
-------------------------------------------
This means AEK, LSD, WARHAWK, OBELISK, PENTAGON, BAMIGA SECTOR ONE....
2. Byte Bandit
-----------
No need for further discussion (or what do you think?).
3. Byte Warrior (DASA0.2)
----------------------
Was the first virus with coded text, so you couldn't recognize it on
the bootblock.
4. The Exterminator (LAMER!) ALL VERSIONS / CODED OR NOT
--------------------------------------------------------
This one fills the tracks of a disk with 'LAMER!LAMER!LAMER!'.
Exterminator is very tricky, if you try to examine the bootblock it
will always look like a normal one. The new version should find all
versions of the LAMER-EXTERMINATOR.
5. The IRQ-Virus
-------------
This one is a link virus. It looks for the second program in the
startup-sequence and tries to infect it. If this fails it will try to
link itself to the DIR command. WARNING!!! Sometimes it also infects
other programs.
If a disk is write-protected the IRQ-virus always brings up a standard
DOS Autorequester like this:
+System Request ==================##|##+
|                                      |
|  Volume                              |
|      - Disk name -                   |
|  is write protected                  |
|                                      |
|  +-----+                   +------+  |
|  |RETRY|                   |CANCEL|  |
|  +-----+                   +------+  |
+--------------------------------------*
Hint for programmers: the IRQ-virus' vector is OLDOPENLIBRARY(-408),
therefore always use OPENLIBRARY(-552). Unfortunately the standard
Aztec 'C' 3.2a - 3.6a crt0.a68 startup code makes a call to
OldOpenLibrary() to get access to the dos.library. Time for a bug
fix, Manx?
6. The BSG 9-Virus
---------------
This one is a link virus. It looks for the first program in the
startup-sequence and tries to infect it. It saves the modified file
in the DEVS directory with spaces instead of a name. The virus itself
is about 2608 bytes long and becomes visible after four or five
resets; the screen turns black and a message appears:
" A COMPUTER VIRUS IS A DISEASE "
" TERRORISM IS A TRANSGRESSION "
" SOFTWARE PIRACY IS A CRIME "
" THIS IS THE CURE "
" BSG 9 BUNDESGRENZSCHUTZ SEKTION 9 "
" SONDERKOMMANDO 'EDV' "
7. The Gadaffi-Virus
-----------------
This one is a mutant version of the old Byte Warrior. It copies
itself on each disk and tries to play a sound with the disk drive
motor after 12 resets. Even though you might find the music funny,
the drive will be of a different opinion (this may lead to serious
hardware failures!).
8. The Disk-Doctor
---------------
This one is a brand new one. It allocates 12 KBytes after each reset
and ... to be honest, I didn't test what it also does because this
one was very complicated -> before Disk-Doc I had never seen a Task,
nor did I know what you can do with one. I'm lucky enough to be able
to detect and kill it.
( After writing memguard I know a lot more about tasks...)
9. The REVENGE BOOTLOADER
----------------------
This one is just a normal virus with the ASCII text 'REVENGE BOOTLOADER'
in it. Not a very smart idea.....
It looks as if this one has no message in it, it only copies
itself onto every inserted disk.
This one is a virus of a new generation, it works with every kickstart
and with fast-mem. Nevertheless no chance against BERSERKER....
10. SYSTEM Z
--------
I wanted to add this one but a program which asks before it copies
itself onto disk is not a virus in my eyes.
11. REVENGE
-------
This is an old one, which contains the following ASCII text at the end
of the bootblock:
ASCII text: "REVENGEV1.2 COUNT:"
I had to implement this one because BERSERKER III crashed when REVENGE
was in memory.
12. TIMEBOMB
--------
ARGHHHH!! This one is NOT in memory. TIMEBOMB only tries to copy itself
to the disk in DF1:. The next time you boot the other disk from DF1:
TIMEBOMB fills the whole root track with stuff from location $20000.
After killing that disk it displays an alert with its stupid message.
BERSERKER cannot find and kill this one coz it's not in memory. Sorry!!
Special thanks for this virus must go to DATA BECKER. The asshole who
wrote the virus took all routines out of AMIGA INTERN I.
13. XENO
----
I can tell you nothing about this one, because I never got one..
Therefore I had to take the routine from STEVE TIBBETT, the only
reason I did it are my friends. Some of them have a harddisk and
S.T. says that the Xeno spreads like wildfire and infects even
hard disks. They were so frightened that (AAARRGH!! it is very
hard to speak out) I took the routine from VIRUSX4.0.
BERSERKER VERSUS VIRUSX
=======================
Don't be afraid of the small number of viruses Berserker seems to know!
Okay, on first sight you might think that Berserker only finds eight
viruses while VirusX 3.20 recognizes sixteen and because of this big
difference you will still use VirusX. BUT: I improved my routines to such
a level that they do MORE THAN IT LOOKS LIKE. The SCA search routine for
example just looks after the cold-capture vector and then checks the
program for a DoIO. With this method Berserker is able to find ALL SCA
mutants, because they all work the same way.
Berserker never checks just for a checksum, it always looks after
the employed pointers and only cares if these pointers are changed.
Therefore Berserker is able to find a virus even though a stupid guy may
have changed the text. In my opinion this is the best way to detect
viruses.
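The vector check described above, sketched in C as an added example (it is not Berserker's source, which is Seka assembler): it reads the ColdCapture and CoolCapture pointers from a constructed big-endian memory image and looks for a DoIO call behind them, with a fixed-region checksum alongside for comparison. The image layout, the scan window and all function names are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Added illustration; the image layout below consists of constructed sample values. */
#define COLD_CAPTURE 0x2A    /* offset of ExecBase->ColdCapture */
#define COOL_CAPTURE 0x2E    /* offset of ExecBase->CoolCapture */
#define SCAN_WINDOW  1024    /* assumption: bytes inspected behind a vector */
#define IMG_SIZE     0x1000  /* constructed image size */
#define EXECBASE     0x0100  /* constructed ExecBase position in the image */
#define RESIDENT     0x0800  /* constructed position of the resident code */

static uint32_t be32(const uint8_t *p) {              /* 68000 is big-endian */
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* 1 if the code behind ColdCapture or CoolCapture calls DoIO: jsr -456(a6) */
int scan_vectors(const uint8_t *mem, size_t size, uint32_t execbase) {
    static const uint8_t jsr_doio[4] = { 0x4E, 0xAE, 0xFE, 0x38 };
    static const uint32_t vectors[2] = { COLD_CAPTURE, COOL_CAPTURE };
    for (int v = 0; v < 2; v++) {
        size_t slot = (size_t)execbase + vectors[v];
        uint32_t target = slot + 4 <= size ? be32(mem + slot) : 0;
        if (target == 0 || target >= size) continue;   /* unset, or outside image */
        size_t end = (size_t)target + SCAN_WINDOW < size ? (size_t)target + SCAN_WINDOW : size;
        for (size_t i = target; i + 4 <= end; i += 2)  /* opcodes are word aligned */
            if (memcmp(mem + i, jsr_doio, 4) == 0) return 1;
    }
    return 0;
}

/* The approach the text argues against: a checksum over a fixed region. */
uint32_t region_sum(const uint8_t *mem, uint32_t start, uint32_t len) {
    uint32_t s = 0;
    for (uint32_t i = 0; i < len; i++) s += mem[start + i];
    return s;
}

/* Constructed sample: `marker` stands for a text byte that a mutant changes. */
void build_image(uint8_t *mem, uint8_t marker, int hooked) {
    memset(mem, 0, IMG_SIZE);
    if (!hooked) return;
    mem[EXECBASE + COOL_CAPTURE + 2] = RESIDENT >> 8;   /* vector -> RESIDENT */
    mem[RESIDENT] = marker;
    memcpy(mem + RESIDENT + 2, "\x4E\xAE\xFE\x38", 4);  /* jsr -456(a6) */
}

int main(void) {
    static uint8_t img[IMG_SIZE];
    build_image(img, 'X', 1);          /* hooked image with an altered text byte */
    return scan_vectors(img, IMG_SIZE, EXECBASE) ? 0 : 1;
}
```

Two hooked images that differ in a single byte produce different checksums, so a signature taken from one misses the other, while the vector check flags both and leaves the clean image alone.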
And to tell you the truth: although I'm always hunting for new
viruses, I never got an Obelisk or a Pentagon Circle on one of my disks.
I only had to fight with those I have implemented in my viruskiller.
Berserker IV should be no rival for the very good (and very long... HA
HA) VirusX by Steve Tibbett (good work!) (Olsen: VirusX is one of the
programs with the sloppiest coding style which is only beaten by PopInfo,
therefore it does NOT work with Kick1.3 and doesn't even try to run under
Kick1.4 alpha 15 -> Berserker is better! :-> ). The design is completely
different. (Ralf: I think things have changed a little bit with Virusx4.0)
If you have to fight with the new link viruses I would recommend that you
use 'KV' by Steve Tibbett. Because I didn't get a new one, I wasn't able
to add the killing part for these bastards. Especially when BERSERKER
tells you that you have a XENO in memory.
Nevertheless BERSERKER is still better than most of the other viruskillers.
It is very stupid just to check for a checksum, what happens if an asshole
changes ONE letter ??
ADDITIONAL REMARKS
==================
Special thanks go to:
Olaf B. for testing and ideas
Michael V. for utis, viruses and testing
Henning L. for being one of the BEST assembler freaks
Thorsten H. for also being one of the BEST
Gunnar L. for being a friend and good programmer
Olsen: Berserker was written using the well known Kuma Seka Assembler. As
an American user you might have never heard or seen anything of it. Kuma
did it the British way: Seka does neither generate ALink compatible linker
object files, nor does it apply to the de facto Metacomco MASM (see
Developers' toolkit) standard. For this reason your CAPE, MASM, ASM or AS
will probably refuse to re-assemble the source code. Calls like "MOVE 4.W
A6" will have to be replaced by something like "MOVE 4,A6". Don't wonder
if the executable program becomes longer than the supplied Berserker file:
it has been compressed using a brilliant object file packer called
"Powerpacker". Berserker is NOT a virus, this IS a guarantee.
Ralf: I love my SEKA and I use calls like 'MOVE 4.w,a6' for speed, you C-FREAK!
P.a.V. (Programmers against Viruses)
MY BEST REGARDS GO TO STEVE TIBBET & FRED FISH!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^