Amiga Collections: Taifun

home *** CD-ROM | disk | FTP | other *** search

/ Amiga Collections: Taifun / Taifun 143 (1990-08-15)(Ossowski, Stefan)(DE)(PD).zip / Taifun 143 (1990-08-15)(Ossowski, Stefan)(DE)(PD).adf / Berserker / Berserker.doc < prev next >

Wrap

Text File | 1990-07-19 | 13KB | 301 lines

************************************************************************** * * B E R S E R K E R IV.a * ----------------------- * * © Copyright 1988, 1989, 1990 by Ralf Thanner * * This code is entirely written in assembler for the Kuma Seka assembler * * Executable program and source code are both in the PUBLIC-DOMAIN! * * A small copy fee for Berserker is okay, but anything which looks like * commercial redistribution is forbidden (remember that!). * ************************************************************************** * * REVISION HISTORY: * ================= * * R V1.0 - Just a primitive SCA finder and killer. * * R V1.c - Added Byte Bandit & Byte Warrior killer. * - Improved SCA & SCA mutants killer routine. * -> OBELISK, AEK, LSD, PENTAGON, BAMIGA SECTOR ONE, * WARHWAK, MICROMASTER & NORTHSTAR... * * R V2.b - Now also finds the Exterminator (LAMER). * * R V2.d - Now finds the first link virus (IRQ TEAM 41). * * V2.e - Added alert box. Idea by Olaf Barthel. * - Some cleanups and bug-fixes done. * * R V2.e+ - Doesn't refuse to work with Kick 1.3 any more. * - Added custom bootblock writer. * - Added kill cold-cool vectors; * There are just too many SCA clones on the market * and it is saver to clear these pointers * * R V3.0 - Now also finds the BSG 9 link virus. * - Second (and final?) code cleanup for public * release (YEAH!!!). * - Removed the custom bootblock writer, too many guys * thought Berserker to be some kind of virus in * disguise. * * R V3.0+ - Extended to find Gaddafi and Disk-Doctor viruses. * * V3.1 - Extended to find the REVENGE BOOTLOADER virus. * -> THIS IS A NEW ONE!!! * - Bug-fix in EXTERMINATOR routine done. * -> should now find ALL lamer versions.... * - Code cleanup (added some sub-routines). * * V3.2 - Extended to find REVENGE (is an old one, but some * nice guys told me, that berserker should also find * the old ones....and because BERSERKER crashed when * memory was infiltrated by REVENGE ) * * V3.2b - Shortening, speeding up & cleaning the code * ( and berserker still works.... ) * * R V3.39c+ - JOKE.... * * V3.5 - Added Xeno 'killer' routine by STEVE TIBBET. * * V4.0 - Added a more userfriendly Cli-Interface and the * possibility to start BERSERKER from workbench. * * R V4.0a - WHAAA, what a pity: forgot to reply message.. * Bug now fixed... Thanks to olaf for this hint. * - Shortened and improved code again. * * R = released version * ************************************************************************** WHAT DOES BERSERKER IV DO? ========================== Berserker is a viruskiller which was designed as a CLI-command. It works with Kick 1.2, Kick 1.3, 512K and expansion RAM. Because of the big number of link viruses on the Amiga, I recommend inserting the Berserker call as the third command in your startup-sequence. You can start BERSERKER IV either from CLI or from Workbench. WORKBENCH: ---------- Berserker opens a window and waits for your choice. You can choose between: '?' - short instructions. 'C' - for checking your memory. 'Q' - for quiting. CLI: ---- Berserker offers you only one single option: 'berserker ?' - longer instructions. If you start BERSERKER IV without any command it will start searching through memory in order to kill these little bastards. If Berserker finds a virus a Recoverable Alert appears, just click a mousebutton to continue (this was added due to the possibility that the Berserker banner message might have been redirected, the chance to know about a virus in the system won't be wasted this way). WHICH VIRUSES DOES BERSERKER KNOW? ================================== 1. SCA and all its mutant brothers and sisters ------------------------------------------- This means AEK, LSD, WARHAWK, OBELISK, PENTAGON, BAMIGA SECTOR ONE.... 2. Byte Bandit ----------- No need for further discussion (or what do you think?). 3. Byte Warrior (DASA0.2) ---------------------- Was the first virus with coded text, so you couldn't recognize it on the bootblock. 4. The Exterminator (LAMER!) ALL VERSIONS / CODED OR NOT -------------------------------------------------------- This one fills the tracks of a disk with 'LAMER!LAMER!LAMER!'. Exterminator is very tricky, if you try to examine the bootblock it will always look like a normal one. The new version should find all versions of the LAMER-EXTERMINATOR. 5. The IRQ-Virus ------------- This one is a link virus. It looks for the second program in the startup-sequence and tries to infect it. If this fails it will try to link itself to the DIR command. WARNING!!! Sometimes it also infects other programs. If a disk is write-protected the IRQ-virus always brings up a standard DOS Autorequester like this: +System Request ==================##|##+ | | | Volume | | - Disk name - | | is write protected | | | | +-----+ +------+ | | |RETRY| |CANCEL| | | +-----+ +------+ | +--------------------------------------* Hint for programmers: the IRQ-virus' vector is OLDOPENLIBRARY(-408), therefore always use OPENLIBRARY(-552). Unfortunately the standard Aztec 'C' 3.2a - 3.6a crt0.a68 startup code makes a call to OldOpenLibrary() to get access to the dos.library. Time for a bug fix, Manx? 6. The BSG 9-Virus --------------- This one is a link virus. It looks for the first program in the startup-sequence and tries to infect it. It saves the modified file in the DEVS directory with spaces instead of a name. The virus itself is about 2608 bytes long and becomes visible after four or five resets; the screen turns black and a message appears: " A COMPUTER VIRUS IS A DISEASE " " TERRORISM IS A TRANSGRESSION " " SOFTWARE PIRACY IS A CRIME " " THIS IS THE CURE " " BSG 9 BUNDESGRENZSCHUTZ SEKTION 9 " " SONDERKOMMANDO 'EDV' " 7. The Gadaffi-Virus ----------------- This one is a mutant version of the old Byte Warrior. It copies itself on each disk and tries to play a sound with the disk drive motor after 12 resets. Even though you might find the music funny, the drive will be of a different opinion (this may lead to serious hardware failures!). 8. The Disk-Doctor --------------- This one is a brand new one. It allocates 12 KBytes after each reset and ... to be honest, I didn't test what it also does because this one was very complicated -> before Disk-Doc I had never seen a Task, nor did I know what you can do with one. I'm lucky enough to be able to detect and kill it. ( After writing memguard i know a lot more about tasks...) 9. The REVENGE BOOTLOADER ---------------------- This one is just a normal virus with the ASCII text 'REVENGE BOOTLOADER' in it. Not a very smart idea..... It looks like as if this one has no message in it, he only copies himself onto every inserted disk. This one is a virus of a new generation, it works with every kickstart and with fast-mem. Nevertheless no chance against BERSERKER.... 10. SYSTEM Z -------- I wanted to add this one but a programm which asks before it copies itself onto disk is not a virus in my eyes. 11. REVENGE ------- This is an old one, which contains at the end in the boot following ASCII text: "REVENGEV1.2 COUNT:" I had to implement this one because BERSERKER III crashed when REVENGE was in memory. 12. TIMEBOMB -------- ARGHHHH!! This one is NOT in memory. TIMEBOMB only tries to copy itself to the disk in DF1:. The next time you boot the other disk from DF1: TIMEBOMB fills the whole root track with stuff from loacation $20000. After killing that disk it displays an alert with it's stupid message. BERSERKER cannot find and kill this one coz it's not in memory. Sorry!! Special thanks for this virus must go to DATA BECKER. The asshole who wrote the virus took all routines out of AMIGA INTERN I. 13. XENO ---- I can tell you nothing about this one, because i never got one.. Therefore i had to take the routine from STEVE TIBBET, the only reason i did it are my friends. Some of them have a harddisk and S.T. says that the Xeno spreads like wildfire and infects even hard-disk. They were so frightened that, (AAARRGH!! it is very hard to speak out) i took the routine from VIRUSX4.0. BERSERKER VERSUS VIRUSX ======================= Don't be afraid of the small number of viruses Berserker seems to know! Okay, on first sight you might think that Berserker only finds eight viruses while VirusX 3.20 recognizes sixteen and because of this big difference you will still use VirusX. BUT: I improved my routines to such a level that they do MORE THAN IT LOOKS LIKE. The SCA search routine for example just looks after the cold-capture vector and then checks the program for a DoIO. With this method Berserker is able to find ALL SCA mutants, because they all work the same way. Berserker never checks just for a checksum, it always looks after the employed pointers and only cares if these pointers are changed. Therefore Berserker is able to find a virus even though a stupid guy may have changed the text. In my opinion this is the best way to detect viruses. And to tell you the truth: although I'm always hunting for new viruses did I never get an Obelisk or a Pentagon Circle on one of my disks. I only had to fight with those I have implemented in my viruskiller. Berserker IV should be no rival for the very good (and very long... HA HA) VirusX by Steve Tibbet (good work!) (Olsen: VirusX is one of the programs with the sloppiest coding style which is only beaten by PopInfo, therefore it does NOT work with Kick1.3 and doesn't even try to run under Kick1.4 alpha 15 -> Berserker is better! :-> ). The design is completely different. (Ralf: I think things have changed a little bit with Virusx4.0) If you have to fight with the new link viruses i would recommend that you use 'KV' by Steve Tibbet. Because i didn't get a new one, i wasn't able to add the killing part for these bastards. Especially when BERSERKER tells you that you have a XENO in memory. Nevertheless BERSERKER is still better than most of the other viruskillers. It is very stupid just to check for a checksum, what happens if an asshole changes ONE letter ?? ADDITIONAL REMARKS ================== Special thanks go to: Olaf B. for testing and ideas Michael V. for utis, viruses and testing Henning L. for being one of the BEST assembler freaks Thorsten H. for also being one of the BEST Gunnar L. for being a friend and good programmer Olsen: Berserker was written using the well known Kuma Seka Assembler. As an American user you might have never heard or seen anything of it. Kuma did it the British way: Seka does neither generate ALink compatible linker object files, nor does it apply to the de facto Metacomco MASM (see Developers' toolkit) standard. For this reason your CAPE, MASM, ASM or AS will probably refuse to re-assemble the source code. Calls like "MOVE 4.W A6" will have to be replaced by something like "MOVE 4,A6". Don't wonder if the executable progam becomes longer than the supplied Berserker file: it has been compressed using a brilliant object file packer called "Powerpacker". Berserker is NOT a virus, this IS a guarantee. Ralf: I love my SEKA and i use calls like 'MOVE 4.w,a6' for speed, you C-FREAK! P.a.V. (Programmers against Viruses) MY BEST REGARDS GO TO STEVE TIBBET & FRED FISH! ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^