Text File | 2001-02-03 | 2KB | 55 lines
name: Safe
short: Safe v14.9 - virus discovering system
author: Zbigniew Trzcionkowski (zeeball@interia.pl)
uploader: Tomasz Wiszkowski (t_error@interia.pl)
version: 14.9 (05.02.2001)
requires: Amiga with OS 2.04+ (xvs.library strongly recommended)
type: util/virus
STATUS: FreeWare
FEATURES:
- system friendly, non resident, can discover new link viruses
- TCP newshell guard option
- ANTISTEALTH abilities and HEURISTIC vector check option
- `Safe VECS` allows You to REMOVE ANY patches from
LoadSeg and NewLoadSeg vectors!
- built-in memory removals for NeuroticDeath1&2, HNY99/IOZ,
rexxfunc trojan, PolishPower, Expl0de (Thanks to Jan Andersen)
- please get the newest xvs.library from Aminet!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
There is a new trojan. This is another clone of those stupid
Vaginitis viruses, but it appeared with some support
stuff (probably not found until now).
The analysis of the stuff I got is available in this archive.
Safe can kill the virus in memory, and the support patch (c:f)
on dos/Write. Also, a Quicktest has been made to check c:f.
The virus opens a remote shell on TCP:9876.
Thanks to Jan Andersen and Patrick Ford.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
NOTE THAT SAFE IS A VIRUS DETECTOR - NOT A FILE CHECKER OR CLEANER!
IT ONLY INFORMS ABOUT AN ATTACK AND REMOVES THE VIRUS FROM MEMORY
IF POSSIBLE!
$VER: - SIZE, COMMENTS
v14.7 - 7000, Expl0de trojan memory removals (Thanks to Jan Andersen
and Patrick Ford)
v14.8 - 7000, added heuristic detector for this stupid
Vaginitis-like TCP hack system that someone uses.
From now on, if Safe gives You the message:
'TCP hacking system structures detected on LoadSeg'
without the name of the virus, You have probably been
hacked with a new variant of this stupid system.
I suggest investigating changes in the system;
in most cases the changed file will be C:mount
(please mail such stuff to me or to VHT-DK).
Also, information about the source of this shit will
be very valuable to us.
v14.9 - 7000, a few code optimizations